The Company continuously follows legal updates to any and all acts governing activities of financial institutions, AML and terrorism funding prevention, as well as European laws and directives related to protection of personal data. In compliance with the General Data Protection Regulation (GDPR), the Company has adopted measures described herein.
As of the launch of the electronic money system, the Company uses a set of personal data protection principles. These principles are applied to any and all persons and organizations whose personal data we hold. We focus on the following fundamental principles:
Mercurius is a system of payments / electronic money (hereinafter only system) operated by the Company Mercurius Partners s.r.o., a company based in the Czech Republic (EU member state). The Company conducts its operations based on a license issued by Czech National Bank for small-scale electronic money issuer.
Full legal information about Mercurius Partners s.r.o. is as follows:
Business name: Mercurius Partners s.r.o.
Registration number of the company: 05513031
Registered office: sq.I.P.Pavlova 3, 12000 Prague 2, Czech Republic
E-mail: [email protected]
Telephone number: +420 234 280 634
As per the Directive 95/46/EC (General Data Protection Regulation), the Company is a data administrator and is therefore responsible for secure use of personal data in compliance with legal regulation and in compliance with the agreement concluded between the Company and its Clients.
Personal data is any information of a personal nature that identifies an individual. Personal data does not include information that cannot be used to identify an individual (anonymous data). The Company collects, uses, processes, stores, or transfers personal data such as:
The Company does not collect, store, or process any special categories of personal data of its clients (race, ethnicity, religion or philosophy, sex life, sexual orientation, political opinions, membership in unions, health information, or genetic or biometric information).
Since the Company is a small-scale issuer of electronic money, it has duties related to preventing money laundering and terrorism funding, in terms of which it collects data, including personal data, in order to provide its services and products to Clients. The Company collects only personal data necessary to operate the payment system / electronic money system and to provide services related to electronic money and payment services.
In compliance with the law, rules, and conditions (agreements) with Clients, the Company is not entitled to record, authorize, and approve registration of a Client into the Mercurius system, until the Client submits the required data.
At its website, the Company collects data in various ways, but particularly by receiving personal data provided by a client directly to the Company. This includes:
Additionally, the Company receives personal data via third parties or data that are publicly available. These sources are:
The first and foremost purpose of use of personal data by the company is the provision of payment services and services related to electronic money, including securing due quality of the service ordered by the Client from the Company (depending on the type of Client). Additionally, the Company uses clients’ personal data in the following cases:
In order to improve its products or services, the Company may use automated tools, including profiling, automated analysis of client’s personal data for the following purposes:
The Company collects and uses personal information to provide payment services and services related to electronic money:
When working with Clients’ personal data, the Company shares the data with:
In any case of enforcement of a right, court order, investigation by a national bank, investigation by a financial arbitrator, or any other similar judicial procedure, the Company shall adopt any and all adequate organizational and technical measures in order to ensure that each third party participating in the processing of a client’s personal data applies security standards compliant with the applicable legislation and with the policy determined herein.
Since the Company provides many payment solutions and services, it sends marketing notices and messages. The Company sends marketing notices and messages only if the Client subscribed to receive such information about the Company’s services and products. The Client will also receive marketing communication from the Company if he or she participates in a contest, promotional event, or a survey, in terms of which the Company requests the clients to provide contact information in order to be able to enrol or participate in a survey.
In any case, the Company keeps a register of data for marketing communication, which is used by the Company, and each Client is entitled to unsubscribe from any such marketing notices by clicking on an unsubscription link provided in the Company’s marketing messages. The Company may also use the marketing and communication data with the aim of improving and adapting advertisement and promotional events that may be interesting for the Client.
The Company does not share personal information of its Clients with third parties, with the exception of those related to mandatory duties of the Company and third parties under contractual relationships on transfer of personal data for the purpose of provision of payment services and services related to electronic money. Such transfer is necessary for fulfilment and compliance with provisions of our services or fulfilment of other operational needs of the enterprise or development of specific purposes determined herein. Whenever the Company provides personal data to third parties, the Client can be sure that such third party applies a similar level of data protection as the Company.
The Company is entitled to store Clients’ personal data for as long as it is necessary for the company to fulfil the purpose of collection thereof. The Company may store the data, provided that the legal (contractual or legislative) and accounting requirements as well as the compliance requirements are mutually conforming. The Company also considers the temporary limits set out in business acts or data protection acts in various countries, in which the Company provides its services.
Each Client may exercise his or her rights determined in the applicable legislation. The Company guarantees the following rights regarding personal data protection:
The Company has adopted legal, technical, and organizational measures considered necessary for keeping the Client’s personal data secure, with adequate respect to applicable obligations and exceptions under the applicable regulations. The Company maintains standards of the payment-providing industry regarding personal data protection, including, among others, the standard option of using a database with transparent data encryption. Any and all data related to clients’ personal data are encrypted with the AES-256 algorithm with a cryptoperiod of 1 year. The encryption key is encrypted using the X.509 standard with a 2048-bit key length and a one-year cryptoperiod. The private key is distributed only to several employees of the Company using the Shamir threshold scheme, so no employee has individual access to the data independently of the other employees. Access to information structure is secured according to the PCI DSS standard.
The Company reviews its policies for collecting, storing, and processing clients’ personal data, including any physical security measures, in order to prevent forging, loss, fault, fraudulent use, or fraudulent or unauthorized access to the Client’s personal data.
The Company adopted procedures for handling any suspicion of breach of personal data security and will notify its Clients and any competent authority, should the law require so.
The Company does not voluntarily or actively collect, use or disclose personal data of minors, with respect to varying age in varying territories, without a prior consent of the minor’s parents or guardians.
The Company’s services are not focused or intended to attract minors.
Should an employee of the Company find out or be notified that the Company collects personal data for whatever reason about a minor from a certain territory without receiving any verifiable consent of the parents, the Company shall ensure deletion of such data as soon as possible.
Each Client is entitled to submit a complaint regarding processing and storage of personal data by the Company at the corresponding and competent personal data protection regulator within the Client’s territory.
Each Client is entitled to withdraw his or her consent with processing of personal data provided by the Client to the Company and prevent any other processing, unless there is a legitimate reason for the Company to continue processing the Client’s personal data.
Should there be a complaint or claim regarding personal data or the necessity of deletion thereof, please contact us at the e-mail address stated below. Should you want to file a complaint, withdraw consent, or make any other changes to personal data, please fill out the application provided below and send it to the following e-mail address: [email protected]
At its website, mobile application, and the Mercurius system, the Company uses Cookie files, web beacons, and other access techniques (hereinafter only “Cookies”). “Cookies” include any IT-related data, text files stored in user terminal for use in websites. Through such files, the Company finds a user terminal and displays a website adapted to the corresponding user preferences. “Cookies” usually contain the title of website, which the user is redirected from, save date and time in the terminal, and a unique number.
“Cookies” are used to adapt the website content to user preferences and to optimize the use of website. They are also used for production of anonymous summary statistics that allow the Company to understand how the user profits from the website, thus allowing means to improve the structure and content thereof, without the necessity of user’s personal identification.
The Company uses two types of “Cookies” - “Session Cookies” and “Fixed Cookies”. “Session Cookies” are temporary files stored in the user’s terminal until he or she logs out from the website or closes the application (web browser). “Fixed Cookies” remain stored in the user’s terminal for a period defined in the cookie parameter or until removed manually by the user. Personal data collected via cookies may be collected only to carry out specific features intended for the user. Such data shall be encrypted to prevent access thereto by unauthorized parties.
As a rule, the software tools used to browse websites allow Cookies to be stored in the user terminal in their default settings. Such settings may be changed so that the web browser does not allow automatic management of cookie files or notifies the user each time cookie files are submitted to the terminal. Details regarding the possibilities and manners of cookie file processing can be found in the web browser settings. Denied use of cookie files may affect some features available at the website.
“Cookies” used by partners of the website operator, including, but without limitation to, website users, are subject to their respective privacy policies.
Complaint form for matters related to personal data
Name and surname
Date of birth
Contact e-mail address
State the type of data which this complaint relates to:
o Identification data
o Contact information
o Financial information
o Payment details
o Technical and access information
o Marketing and communication data
Please state the subject matter of your complaint related to personal data:
We will process your complaint within 24 hours. Should you have any questions, please contact us at: +420 234 280 634.