Last updated: 7 March 2022
DECTA group companies ("We" or "Us") are committed to protecting and respecting Your privacy.
(ii) use Our products and services as a Client or Partner;
(iii) use Our products or services as a customer of Our Clients;
(iv) communicate with Us by phone, email, social media or otherwise.
We process Your personal data in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter – “GDPR”) and in compliance with the Data Protection Act 2018 of the United Kingdom (hereinafter – “UK GDPR”).
For the purposes of the GDPR and UK GDPR, Your data controller is DECTA LIMITED, incorporated in England and Wales, with an address at 1 King William street, London, EC4N 7AF, authorised by the Financial Conduct Authority under the Electronic Money Regulations 2011 (FRN: 900592). SIA “DECTA”, incorporated in Latvia, with an address at Duntes Street 6, Riga, LV-1013, is the data controller with respect to personal data processed for its own personnel recruitment purposes, event organising purposes and other purposes as applicable.
- a visitor of Our Website (hereinafter – a “Visitor”);
- any shareholders, beneficial owners, directors, authorised persons and staff members of Our corporate clients, who intend to use or already use Our products or services (hereinafter – a “Client”);
- any shareholders, beneficial owners, directors, authorised persons and staff members of Our corporate partners, who intend to cooperate with Us in regard to Our products or services (hereinafter – a “Partner”); or
- a direct or indirect customer of Our Client (hereinafter – a “Customer”).
The visitor may include “Client” and/or “Customer”, and/or “Partner” where appropriate;
Website means the website is accessible at https://www.decta.com/;
Services mean all services that DECTA offers and provides to You, including online payment acquiring, technical processing services and any other related services.
On what legal grounds do we process your personal data?
- for conclusion, performance, amendment and administration of the agreement You as a Client or as a Partner conclude with Us (Article 6(1)(b) of the GDPR);
- for fulfilment of legal obligations and requirements of legal acts applicable to Us (Article 6(1)(c) of the GDPR);
- for pursuing Our legitimate interests and those of third parties (Article 6(1)(f) of the GDPR);
- for acting in accordance with Your consent (Article 6(1)(a) of the GDPR).
In the scope and under the conditions set by applicable legislation, one or several of the abovementioned legal grounds may apply to processing of the same set of Your personal data.
What information do we process about you?
Within the course of providing Our services, We receive Your personal data directly from You, when You provide it to Us, or We can also receive personal data about You from other sources. Please see below an overview of the personal data We process:
Information You as a Client or as a Partner provide Us by filling the forms on Our Website. This includes information You provide when You register to use Our site or get in touch with Us in order to apply for Our services, for example, Your name, contact information, company name and role, the services Your company requires;
Information and documentation that You as a Client or as a Partner provide to Us in order to conclude an agreement with Us. Such information includes, but is not limited to, Your name, date of birth, home, work or other physical address, telephone number, e-mail address, company name, company number, current position, previous places of employment, education, passport or ID data; payment account number, information regarding the beneficial ownership in other companies and other information that may be required by the applicable laws;
A record of correspondence / communication and/or the telephone call in the event You contact us. Such record includes Your name, surname, e-mail address, telephone number, name of Your company and any other personal data You may disclose to Us during such communication;
Information We receive and process when You as a Customer purchase products or services from an online merchant who is Our corporate Client. We process Your personal data, including, but not limited to, name, surname, e-mail address, telephone number, details of Your payment instrument, including, but not limited to, card number, card expiry date, CVC/CVV code, credit/financial institution and/or issuer details and information relating to the purchased products or services, including the location and time of the transaction;
Information regarding Your visit of Our premises. In the event You visit Our business premises, We may record Your name and contact information, time and duration of the visit, as well as we will rely on CCTV monitoring in order to ensure safety and security on Our premises.
Information regarding Your interaction with Our Website. This includes information about how You navigate Our Website, for instance, when You log into Your account, search for a product/service, place an order on Our site and when You report a problem with Our site. With regard to each of Your visits to Our site We also automatically collect the following information:
- technical information, including the Internet protocol (IP) address used to connect Your computer to the Internet, Your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
- information about Your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from Our site (including date and time); products You viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call Our customer service number.
Information about You as a Customer, Partner or Client, which We receive from other sources. We receive this information from Our business partners, service providers and subcontractors, such as the international card payment networks (VISA and Mastercard), payment service providers, credit reference agencies and other third parties. The information We receive includes the information required for Customer or Partner verification for anti-money laundering and counter terrorism financing purposes, fraud prevention purposes.
For what purposes do we process personal data?
We process personal data in accordance with the requirements of laws and regulations, provisions of applicable contracts and Our legitimate and legal interests, including, but not limited to, the following purposes:
To provide Our services
In order to provide Our services, We process personal data to enter into a contractual relationship with a Client or a Partner for rendering services or establishing cooperation, for taking necessary actions prior to entering in the contract, for implementation of the contracts signed with the Client or Partner, for assessment of the Client or Partner and the persons related to a Client or Partner with an aim to define a possibility and provisions for cooperation, for due cooperation with a Client or Partner, for concluding agreements with the Client or Partner, for managing settlements with the Client or Partner. In regard to this processing purpose, We rely on a contract as the legal basis for processing.
To comply with the applicable legal obligations
We process personal data to perform Our legal obligations, based on applicable requirements of laws and regulations on electronic money institutions, anti-money laundering and counter-terrorism and proliferation financing, tax liabilities and bookkeeping, payment instruments, payment services, international sanctions, and requirements of other laws and regulations applicable to Us. In regard to this processing purpose, We rely on the applicable law as a legal basis for processing.
To carry out risk management activities
We process Your personal data in order to prevent fraud, protect Our property and interests and those of Our Clients and other persons, collect evidence of violations and prevent the abuse of Our interests, those of Our Clients and other persons, prevent the abuse of the Website or Our Services, to ensure physical security and security of Our information systems, to administer, manage and recover Your debts and damages inflicted on Us and Our property. In regard to this purpose, We rely, as appropriate in each specific case, on Our legal obligations or Our legitimate interests as the legal basis for processing.
To carry out marketing activities
We process Your personal data in order to be able to provide general and personalised offers and other information. We can send notifications, offers and information to You by e-mail In order to choose notifications and offers to be sent to You, to know You and Your needs better, to improve Your experience while using Our Services, to automate the use of marketing tools for the most effective engagement, to expand the range of Services We offer and to constantly improve them, to give You relevant, interesting and useful offers and other information about Our Services, We analyse data related to Your behaviour patterns of use of Our Services and/or other signs. In regard to this purpose We rely either on Your consent or on Our legitimate interest to improve Our products and services.
To improve Our products and services
We process personal data to improve the quality of Our services, to provide You with additional services or to develop new products, to carry out internal analysis and statistics, to improve and test Our technical infrastructure, to ensure cooperation with Our counterparties, to obtain necessary consultations from outsourcing specialists. In regard to this purpose, We rely on Our legitimate interest to improve Our products and services.
To administer, support and improve Our Website
When You visit and browse Our Website, for the purpose of collecting statistical data and improving the quality of Services and visitor experience, We process technical data related to You visit. In regard to this purpose, We rely on Our legitimate interest to improve Our Website.
To provide customer service
If You as a Client or Partner contact Our customer service specialists by phone, We will keep a written record of the information You provide, including personal data, so that We can properly examine Your request and/or respond to Your inquiry. If You contact Us in writing (by e-mail or otherwise), We will store the fact of You contacting Us and the information provided, including personal data, so that We can properly examine Your request and/or respond to Your question, request or complaint. In regard to this purpose We rely on Our legitimate interest to promptly and successfully solve any complains or queries of Our Customers or Partners.
To organise events
Where You as a Client, Partner, public speaker or visitor attend public events organised by us, We will process Your personal data related to the attendance of the respective event. In this regard We rely either on a contract, Our legitimate interests or Your consent as the legal basis for processing, depending on which is the most appropriate in each specific situation.
To carry out recruitment activities
In the event You apply for a position at DECTA, We will process Your personal data on the basis of Our legitimate interest to recruit an appropriate candidate.
Automated decision-making and profiling
As a part of the provision of services, We apply profiling (i.e. automated data processing) to evaluate You. For example, profiling can be used as an auxiliary tool in the context of any Client’s monitoring, when We comply with the requirements of anti-money laundering and counter-terrorism and proliferation financing legislation, taking into account the evaluation factors stipulated by the laws and regulations (e.g., services used, turnover of funds, type of activity, etc). Taking into account the results of profiling, Our employees perform additional supervision or analysis of a Client and take an individual decision. However, in some situations, the offer to receive an additional service or to change the cooperation conditions can be sent to a Client automatically. Furthermore, We automatically verify a Client’s data in the registers and databases stipulated in the laws and regulations regarding the prevention of money laundering and terrorism and proliferation financing.
Disclosure of your information
We share Your personal information with any member of Our DECTA group, which means Our subsidiaries, Our ultimate holding company and its subsidiaries.
In order to provide Our Services, comply with the applicable legislation and protect Our legitimate interests, when necessary We may share Your personal data with selected third parties including:
Our business partners, service providers, suppliers and sub-contractors for the performance of any contract We enter into with You or them. This may include:
- Our advertisers require the data to select and serve relevant adverts to You and others on the internet.
- Analytics and search engine providers that assist Us in the improvement and optimisation of Our site.
- Third-party financial institutions. This includes international card payment networks (VISA and Mastercard), payment systems and credit/financial institutions where You as a Client or a Customer maintain Your payment account or any other type of account;
- Credit reference agencies for the purpose of assessing Your credit score where this is Our condition entering into a contract with You.
- Our Clients in order to assist them with carrying out their legal obligations or contractual their obligations towards You as their Customer.
- Competent authorities when We are under a duty to disclose or share Your personal data in order to comply with any legal obligation, or in order to enforce any agreements; or to protect Our rights, property, or safety, or those of Our Clients or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
- Prospective seller or buyer in the event that We sell or buy any business or assets, in which case We may disclose Your personal data to the them.
Please note that in cases when We transfer or disclose information to any third parties, We always carefully consider the conditions under which personal data will be processed and stored after transfer to other entities and We ensure the conclusion of appropriate data processing agreements.
Where we process and store your personal data?
DECTA entities themselves process and store personal data either Member States of the European Union or in the United Kingdom, which the European Commission has deemed as a third country ensuring an adequate level of personal data protection.
Data processors We rely upon are usually located in the European Economic Area (EEA). Only a few carefully selected data processors (such as Google) process data outside the EEA. In addition, when We manage Our social media accounts, We receive and provide data to social network platform operators (e.g. LinkedIn, Facebook), which also operate outside the European Union, e.g. in the USA. We closely follow practices of data protection supervisory authorities and the guidelines on the transfer of data outside the European Union, and We diligently consider conditions, under which data are transferred and subsequently processed and stored after the transfer outside the European Union.
Please note that taking into account the complex nature of the Services provided by Us, Your data can be processed by independent controllers or their staff outside the United Kingdom and European Union, for instance, by international card payment networks such as Visa and Mastercard.
To ensure an adequate level of security of data and to guarantee legitimate transfer of data, We conclude Standard Contractual Clauses approved by the European Commission for data transfer outside the EEA or follow other grounds and conditions set out in the GDPR and UK GDPR.
All information You provide to Us is stored on Our secure servers. Any payment transactions will be encrypted using SSL technology. Where We have given You (or where You have chosen) a password which enables You to access certain parts of Our site, You are responsible for keeping this password confidential. We ask You not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although We will do Our best to protect Your personal data, We cannot guarantee the security of Your data transmitted to Our site; any transmission is at Your own risk. Once We have received Your information, We will use strict procedures and security features to try to prevent unauthorised access.
Data storage and retention
In the event We rely on Your consent for personal data processing, We will retain it until You revoke such consent or will delete it earlier, if the personal data is no longer necessary.
Please note that We keep the personal data of candidates that have applied for a position with Us for no more than 6 months. If there is an open position competition, the 6-month data retention period starts after the closure of the competition. However, You can always provide Us with consent to keep Your data for a longer time period if that is in Your interests We keep Your data until a suitable position for You opens with Us.
In respect to Your personal data, You have the following rights:
The right to access data processed and the right to obtain a copy of personal data
You can submit Your request for the exercise of Your rights to firstname.lastname@example.org.
Right to rectification of personal data
In case of any changes in Your personal data (surname, e-mail address, telephone number), or in case You think that the information processed by Us about You is inaccurate or incorrect, You have the right to demand to modify, amend or correct such information.
Right to withdraw the consent
In case where We process Your data on the basis of Your consent, You have the right to withdraw Your consent at any time and data processing based on Your consent will stop.
For example, You can withdraw Your consent to receive offers and information at any time. The withdrawal of these consents will not prevent You from continuing to use Our Services, however, this will mean that We will not be able to give offers that may be useful to You. You have the right to withdraw consent at any time in the following ways:
- by e-mail: email@example.com;
- by clicking on the link “Unsubscribe from newsletters” in the e-mail at any time;
Right to object to data processing, when processing is based on legitimate interests
You have the right to object to personal data processing, when personal data is processed based on Our legitimate interests. In the event that We send You general offers and information on the basis of Our legitimate interest, You have the right to opt out of general offers at any time:
- by e-mail: firstname.lastname@example.org;
- by clicking on the link “Unsubscribe from newsletters” in the e-mail at any time;
Right to erasure (right to be forgotten)
When there are certain circumstances indicated in the GDPR and UK GDPR (e.g. when the basis for data processing has ceased to exist, etc.), You have the right to request that We erase Your personal data.
Right to restriction of data processing
When there are certain circumstances indicated in the GDPR and UK GDPR (when personal data is processed unlawfully, when You challenge data accuracy, You stated an objection to data processing on the basis of Our legitimate interest, etc.), You also have the right to restrict Your data processing.
However, We must point out that, because of the restriction of data processing and during the period of such restriction, We may be unable to guarantee You all the Services.
Right to data portability
When there are certain circumstances indicated in the GDPR and UK GDPR you have the right to ask Us to send Your personal data to another controller. In order to exercise this right, please contact Us by e-mail: email@example.com.
Right to lodge a complaint
Should You consider that Your personal data is being processed in a non-compliant manner or Your rights in connection with data processing are violated, You also have the right to contact the relevant data protection authority and file a complaint:
- the ICO is the UK's independent body set up to uphold information rights and more information can be found on their website https://ico.org.uk/,
- Data State Inspectorate (Datu valsts inspekcija) is the national Data Protection Authority for Latvia and more information can be found on their website https://www.dvi.gov.lv/lv
Examination procedure of requests
In order to protect Our Clients’, Partners’ and Customers’ data from illegal disclosure, upon receipt of Your request to present data or implement other rights of Yours, We will have to verify Your identity. Upon receipt of Your request regarding implementation of any right of Yours and having successfully performed the above-indicated verification procedure, We undertake without undue delay, but in any case no later than within one month after receipt of Your request and completion of the verification procedure, to give You information about actions We took with regard to Your request. With regard to the complexity and number of requests, We have the right to extend the period of one month for two more months, informing You about it before the end of the first month and indicating reasons for such an extension.
If Your request is submitted electronically, We will give the answer to You electronically, too, unless it is impossible (e.g. due to a particularly large scope of information) or when You request to answer You in some other way.
We have the right to refuse to satisfy Your request by Our reasoned written response under the conditions and grounds provided for in the GDPR and UK GDPR. We will provide You with information free of charge, however, if the requests are manifestly unfounded or disproportionate, in particular, because of their repetitive content, We may require a reasonable fee to cover administrative costs or may refuse to act upon Your request.