top of page
yiranding-yOWUAKYk46Y-unsplash%2520copy_

Privacy Policy

AEON PAYMENT TECHNOLOGIES LTD (“AEON” or “the Company”) is a Company duly registered under the laws of the Republic of Cyprus with Registration Number HE 320939, having the necessary license and authorisation by the Central Bank of Cyprus with licence number 115.1.2.39/2023 to provide the services as stipulated in this Privacy Notice Online Statement policy, and as the legal holder of the trade name “AEON Payment Technologies”, and providing the services of reception and transmission of Clients’ Orders (referred to as ‘we’, ‘us’, ‘our’,’ “AEON” or “the Company”). 

In this Privacy Notice Online Statement policy, your data is sometimes called “personal data” or “personal information”. We may also sometimes collectively refer to handling, collecting, protecting and storing your personal data or any such action as “processing” such personal data.  Personal data shall mean any information relating to you which identifies or may identify you and which includes, for example, your name, address, identification number. 

The Company is committed to safeguarding your privacy and handling your personal data in in a lawful, fair and transparent manner which respects the privacy of any user that accesses our site(s). Our Privacy Notice Online Statement policy is intended to explain how we protect the privacy of your personal and financial information. We will only use your information as described in our Privacy Notice Online Statement policy. 

This document will help you understand the following: 

  1. What personal data we collect and process about you as a customer and as a user of our website, mobile applications and online services; 

  2. Why we collect and process your data; 

  3. How the Company collects and processes your personal data; 

  4. Where we obtain the data from; 

  5. Your rights under the local data protection law and the EU General Data Protection Regulation (‘GDPR’); 

  6. How and when we share your personal data with other third parties (for example, our service providers or suppliers). 

This document is directed to natural persons who are either past, current or potential customers of the Company, or are authorised representatives/agents or beneficial owners of legal entities or of natural persons which/who are current or potential customers of the Company. By accessing our websites, use our services, including using any of the communication channels to contact us, we consider that you have read and understood the terms of this notice and how we process any information you disclose to us including personal data prior to becoming a client.  

TYPES OF  PERSONAL DATA WE PROCESS 

We collect and process different types of personal data which we receive from our customers (potential and current) in the context of our business relationship. Specifically, we may collect the following types of data: 

  1. The data you give us for the creation of your account. Generally, these include your Name, home address, e-mail address, telephone number, birth date, place of birth (city and country), if you hold/held a prominent public function (for PEPs), FATCA / CRS info, passport or other recognized personal ID card numbers and details. 

  2. The data you enter when funding your account. Generally, these include your credit/debit card details or other payment details (IBAN, SWIFT codes etc). 

  3. The data you give us in relation to your financial status and experience. Generally, these include your education, employment status, your income and net worth, your past experience with other investment services. 

  4. The data you provide when requested to do so from our AML/KYC department in relation to your identity and or residence. Generally, these include copies of your identity document, proof of residence (e.g. utility bill) and copies of your credit/debit card(s). 

  5. The data you provide when requested to do so from our AML department in relation to the source of your funds. These include all information and documents you send us, generally being bank statements, payslips, shareholder certificates, dividend certificates etc. 

  6. The communications you exchange with us or direct to us via letters, emails, chat service, calls, and social media. 

  7. The results of enhanced due diligence we have performed on you. Generally, this includes data about your alleged commission or conviction of offences, your position in public office and any other publicly available information. 

  8. IP address.

  9. Details regarding the use of our Website.

 

YOUR OBLIGATION TO PROVICE US WITH YOUR DATA 

The establishment and legality of the contractual relationship between yourself and the Company is dependent on the provision by yourself of the data requested by the Company. You must provide to us those of your personal data are necessary for commencement and execution of a contractual-based business relationship between ourselves and for the performance of both parties’ contractual obligations. 

To maintain the contractual relationship and to receive services from the Company, you are obliged to provide us with certain personal data, as we are compelled by applicable AML/CTF legislation and regulations to identify you, verify your identity and perform due diligence or enhanced due diligence if applicable on your person to fulfil our AML obligations.  

If you fail to provide us with the requested data, the commencement or the continuation of our business relationship will not be possible. 

WHY WE PROCESS YOUR DATA 

Your data is processed with a de minimis(minimisation) principle in mind, meaning that we limit the processing of your data and the type of data processed to those strictly necessary for a legitimate reason. For example: 

  1. To provide you with the services you have requested (e.g. creation of your account, transmission of the orders you requested). 

  2. Assessment of the appropriateness of the financial instrument offered to you. 

  3. To perform payment functions. For example, funding/defunding operations on your account as per your instructions or as per the outcome of your investments. 

  4. To maintain communication with you and provide you with Customer Support services for resolving your concerns and generally enhancing your client experience. 

  5. General administrative functions. Maintenance of our internal records necessary for keeping your account up to date in our systems, troubleshooting and general record keeping. 

  6. Credit card fraud prevention. Your payment information shall be used for accounting, billing and audit purposes and to detect and / or prevent any fraudulent activities; 

  7. Anti-Money Laundering and Terrorist Financing checks and evaluations.  

  8. Market abuse checks and evaluations. 

  9. General crime prevention and/or cooperation with competent authorities. 

  10. Tax reporting purposes. 

  11. To comply with applicable legal obligations. 

 

THE LEGAL BASIS OF OUR DATA PROCESSING 

We process your personal data in strict accordance with the provisions allowing data processing under GDPR. We will only process your personal data where we have a legal basis to do so. This legal basis may vary according to the reasons for which we need to use your personal data. We may process your personal data if the processing is founded on one or more of the following legal bases: 

  1. The processing is necessary for compliance with a legal obligation to which we are subject. The majority of your data is processed under this category, as we are legally obliged to process it. The legal framework governing our operations imposes on us obligations which involve the process of personal data for the performance of identity verification, compliance with court orders, tax law or other reporting obligations and anti-money laundering controls. We are subject to numerous legal obligations, emanating from the relevant laws and statutory requirements applicable to us.  We may process your data as required by the Money Laundering Law, the Cyprus Investment Services Law, Tax laws, the Law on Deposit Guarantee and Resolution of Credit and Other Institutions Scheme, the Payments Law. We are also subject to the regulations and laws of certain national and European supervisory authorities. Primarily this is the Cyprus and Securities Exchange Commission, but we may be subject to the rules of other authorities.  

  2. The processing is necessary for the performance of the contract.  The processing of your data is necessary for the fulfilment of the services you have requested from us via the establishment of a contractual relationship. We process personal data in order to offer and perform the financial services and transactions as specified in the contract we have entered into with you. The processing may also be necessary to complete our acceptance procedure so as to enter into a contract with prospective customers. 

  3. You have specifically consented to your personal data being used by us for a specific purpose. Such consent shall usually be relied upon for sending you marketing communications, news emails, financial market updates, announcements that may interest you etc. You may revoke your consent to this processing, however without any retroactivity. 

  4. The processing is necessary for the purposes of our legitimate interests as an investment firm. The processing of your data is necessary for the safeguarding of a legitimate interest in using your data. Generally, these interests include the Company’s risk management, defence in litigation, security measures, business development, crime prevention. The use of your data in this case shall not infringe on your fundamental rights and freedoms. 

 

MEANS OF COLLECTION OF DATA 

The majority of the data shall be acquired directly from you, either via the forms available on our website or via email or via other means of communication you chose to use and we chose to accept. However, we may also collect and process personal data which we lawfully obtain from other entities such as information aggregation agencies, public authorities, entities that introduce you to us, companies that process your card payments, your Bank(s) and intermediary/correspondent institutions. 

We can lawfully collect, and we are permitted to process personal data from publicly available sources such as National Company Registrars, National Land Registries, Bankruptcy Archives, commercial registers, the press, media and the Internet. 

DATA RETENTION PERIOD

The retention period for your data is primarily dependent on the retention rules imposed upon us by the applicable legislation. We are obliged by various laws to keep your data for a specific amount of time. Destruction of the data prior to the lapse of this period is not possible. When applicable, your data shall be securely deleted and/or destroyed and shall not be recoverable. We shall not notify you upon deletion as we will have no contact details to reach you. If we anonymise your personal data so that it can no longer be associated with you or identify you it shall not be considered personal data as per the definition of the Law and we may keep that information without further notice to you.   

 

WHO IS SHARING YOUR INFORMATION

Only, if necessary, your personal data may be shared between departments within the Company who have a legitimate reason to process it.  The Company may transmit your data to third party entities such as outsourced service providers, only if necessary and if a valid legal basis, as described in this document, exists to support the necessity. 

Such service providers shall have contractual relationships with the Company and are contractually bound to observe the same confidentiality and data protection rules that the Company has to follow. All such private-law external data processors instructed by the Company to process your data on the Company’s behalf have contractual obligations imposed upon them to comply with the GDPR provisions. 

Your personal data may be, for example, transmitted to the following entities: 

  1. Supervisory, regulatory and public authorities, including courts of justice, law enforcement authorities and other governmental bodies. 

  2. Financial institutions, payment service providers, card payment processors, correspondent banks 

  3. Information aggregation agencies for Anti Money-Laundering and Counter-Terrorist Financing 

  4. Legal counsel and consultants 

  5. Auditors and accounting consultants 

  6. Administrative service providers 

  7. Service providers and specialized advisors handling administrative, IT, analytics, online marketing, financial, regulatory, compliance, insurance, research, or related services 

  8. Marketing and customer support service providers 

We reserve the right to disclose your personal information as required by rules and regulations, and when we believe that disclosure is necessary to protect our rights and/or to comply with a judicial proceeding, court order, or legal process served.  

We may also disclose information if we have good faith to believe that disclosure of such information is helpful or reasonably necessary to: (i) comply with any applicable law, regulation, legal process or governmental request; (ii) enforce our policies (including our Customer Agreement), including investigations of potential violations thereof; (iii) investigate, detect, prevent, or take action regarding illegal activities or other wrongdoing, suspected fraud, AML/CTF issues, Market abuse issues or security issues; (iv) to establish or exercise our rights to defend against legal claims; (v) prevent harm to the rights, property or safety of us, our users, yourself or any third party; or (vi) for the purpose of collaborating with law enforcement agencies and/or in case we find it necessary in order to enforce intellectual property or other legal rights or the prosecution of criminal offenses. 

LINKS TO OTHER WEBSITES 

We will not be liable for misuse or loss of personal information resulting from cookies on the site(s) that we do not have access to or control over. Where we provide links to websites of other organisations, this privacy notice online statement policy does not cover how that organisation processes personal information. We encourage you to read the privacy notices on the other websites you visit. We are not liable for unlawful or unauthorised use of your personal information due to the negligent or malicious misuse or misplacement of your passwords. 

NON-EU TRANSFERS

While our operations are targeting the EU and EEA areas exclusively, we may transfer your data to a third party in a non-EU country if such a transfer is necessary and has a legal basis as described in this document. The third-party processors in this case shall be contractually bound to data protection standards equivalent to those of EU legislation and shall act in accordance with Article 46 of Regulation (EU) 2016/679. 

AUTOMATED DECISION_MAKING AND PROFILING 

In general, your data is not processed automatically, and no decision is taken based on automated processes.  The only automatic “profiling” we may do based on your data is a risk assessment for AML/CTF purposes and for establishing your investment risk appetite and tolerances. This process is however not entirely automatic and ultimately depends on manual overview and decision taking. 

DATA PROTECTION RIGHTS

If you are a physical person who is the data subject of what is legally considered “personal data” which we hold as a “controller” and/or “processor” you are entitled to certain rights. Without prejudice to the above, your rights may be limited due to the legal basis relied upon by the Company to process your data. As the majority of the processing performed by the Company is the consequence of legal obligations, some of the rights below may be partially or fully in conflict with other legal instruments and as such, unenforceable. 

  1. Right to information. You may request to know whether we hold any of your personal data, and, if so, information on the Company, what type of data we process and why/how we are processing it.  

  2. Right of access.  You have the right to receive a copy of your personal data.  

  3. Right to rectification. You have the right to request rectification of your information which you think is inaccurate and you have the right to complete any incomplete data we may hold.    

  4. Right to erasure (‘right to be forgotten’). 

You may request that your personal data is deleted, provided that you meet the legal criteria for this request. Generally, you may request to be forgotten if the processing is unnecessary, unlawful, illegitimate, or you have objected to it. Note that since the majority of the processing performed by the Company is based on legal requirement, your request to be forgotten may be legally rejected by the Company. 

  1. Right to object. Object to processing of your personal information.  If we are processing your data based on our (or a third party’s) legitimate interest and you are in a particular situation which gives you reason to object to the processing, you may submit this request. You may also object if we are processing your data for direct marketing purposes. If you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms. 

  2. Object to automated decision-making including profiling.  You may object to any automated decisions or profiling taken and performed by us based on your personal data. 

  3. Right to restriction. You may request the restriction of the processing of your data under some circumstances, for example so as to determine if the data is accurate or to establish the reason for processing it. 

  4. Right to data portability.  This right only applies to information that you have given to us. You have the right to ask that we transfer the information you gave us from one organization to another or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated.  

Where you have consented to the collection, processing and transfer of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once your consent is withdrawn, the processing of your data will be halted, unless said processing is found on another legitimate basis, for example due to a legal obligation to keep your data. 

Please contact the Company’s Data Protection Officer at dpo@aeonpaymenttechnologies.com if you wish to exercise your rights. We may apply identification verification measures to you in order to ensure that no personal data is disclosed to unauthorized persons. 

Unless your requests are manifestly unreasonable or excessively burdensome, you shall not be charged a fee by the Company. In such cases your requests may also be denied, as they may not be submitted in good faith. 

COMPLAINTS

If you have any complaints about the processing of your data, you may contact the Company’s Data Protection Officer at dpo@aeonpaymenttechnologies.com. If you have received a response to your complaint by the Company which you deem to be unsatisfactory, you may also complaint to the Office of the Commissioner for Personal Data Protection in Cyprus, (https://www.dataprotection.gov.cy). 

©  AEON Payment Technologies

bottom of page