DECTA group companies ("We" or "Us") are committed to protecting and respecting Your privacy.
For the purpose of the Data Protection Act of the United Kingdom and General Data Protection Regulation 2016/679 of the European Union, Your data controllers are both Decta Limited, incorporated in England and Wales, with address at Suite 3, Third Floor, 62 Bayswater Road, London, W2 3PH, authorised by the Financial Conduct Authority under the Electronic Money Regulations 2011 (FRN: 900592), and SIA “DECTA”, incorporated in Latvia, with address at Duntes Street 6, Riga, LV-1013 (collectively called, DECTA), except in relation to client data, data controlled for personnel recruitment purposes, and other cases where data is controlled by each DECTA group company.
Part A of this policy governs our use of personal data collected on individuals, including, through their browsing and use of www.decta.com.
Part B of this policy sets out the basis on which We will use any personal data collected, or provided, by corporate entities completing and submitting the data by their own initiative in any application or contact forms located on our Website or in any other form via our Website.
Purpose of data collection
We process personal data in accordance to the requirements of laws and regulations, provisions of applicable contracts and Our legitimate and legal interests, including, but not limited to, the following purposes:
- To provide services – in order to provide our services We process personal data to enter into contractual relationship with a client for rendering services, for taking necessary actions prior to entering in the contract, for implementation of the contracts signed with the client, for assessment of the client and the persons related to a client with an aim to define a possibility and provisions for cooperation, for due cooperation with a client, for signing contracts in client’s interests, for settlements with the client, for communication with a client.
- To ensure performance of our legal obligations – We process personal data to perform Our legal obligations, based on applicable requirements of laws and regulations on electronic money institutions, anti-money laundering and counter-terrorism and proliferation financing, tax liabilities and bookkeeping, payment instruments, payment services, international sanctions, and requirements of other laws and regulations applicable to Us.
- To ensure risk management – before and during cooperation with a client We process personal data to provide compliance with our requirements and those of international payment systems (for example, VISA, Mastercard) and other laws and regulations, to monitor the observance of client’s liabilities, to keep evidence and information on the course of cooperation, to disclose and prevent illegal actions, to ensure physical security and security of Our information systems, to protect our rights, to protect Us against damage, to represent Our interests in the course of examination of claims and disputes. In order to manage risks We process personal data based on the necessity to perform the contract with a client or take actions prior to its signing, based on Our legitimate interests to provide that cooperation conditions are being followed, to prevent potential damages and to protect Our and/or Your interests, to ensure Our/Your security and to perform Our legal obligations in regard to risk management.
- To ensure Our legitimate interests - We may process personal data to improve the quality of Our services, to provide You with additional services or to develop new products, to carry out internal analysis and statistics, to support Our activities and compliance with the internal administration procedures, to improve and test Our technical infrastructure, to ensure cooperation with Our counterparties, to obtain necessary consultations from outsource specialists, to examine complaints or applications of a client or other persons, to manage Our rights and obligations under the signed contracts.
Part A - Individuals
Information We may collect from You
We may collect and process the following data about You:
- Information You give Us. You may give Us information about You by filling in forms on our site www.decta.com ("our site") or by corresponding with Us by phone, e-mail or otherwise. This includes information You provide when You register to use our site, subscribe to our service, search for a product, place an order on our site, enter a competition, promotion or a survey, and when You report a problem with our site. The information You give Us may include Your name, address, e-mail address and phone number, financial and credit card information and personal description.
- Information We collect about You. With regard to each of Your visits to our site We may automatically collect the following information:
• technical information, including the Internet protocol (IP) address used to connect Your computer to the Internet, Your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
• information about Your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products You viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.
- Information We receive from other sources. We may receive information about You if You use any of the other Websites We operate or the other services We provide. We also often work closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about You from them.
How we use the information
We use information held about You in the following ways:
Information You give to Us. We will use this information:
- to carry out our obligations arising from any contracts entered into between You and Us and to provide You with the information, products and services that You request from Us;
- to provide You with information about other goods and services We offer that are similar to those that You have already purchased or enquired about;
- to provide You, or permit selected third parties to provide You, with information about goods or services We feel may interest You. If You are an existing customer, We will only contact You by electronic means (e-mail or SMS) with information about goods and services similar to those which Were the subject of a previous sale or negotiations of a sale to You. If You are a new customer, and where We permit selected third parties to use Your data, We (or they) will contact You by electronic means only if You have consented to this. If You do not want Us to use Your data in this way, or to pass Your details on to third parties for marketing purposes, please tick the relevant box situated on the form on which We collect Your data (application form);
- to notify You about changes to our service; and
- to ensure that content from our site is presented in the most effective manner for You and for Your computer.
Information We collect about You. We will use this information:
- to administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- to improve our site to ensure that content is presented in the most effective manner for You and for Your computer;
- as part of our efforts to keep our site safe and secure;
- to measure or understand the effectiveness of advertising We serve to You and others, and to deliver relevant advertising to You; and
- to make suggestions and recommendations to You and other users of our site about goods or services that may interest You or them.
Information We receive from other sources. We may combine this information with information You give to Us and information We collect about You. We may use this information and the combined information for the purposes set out above (depending on the types of information We receive).
Automated decision-making and profiling
As a part of the provision of services, We may apply profiling (i.e. automated data processing) to evaluate You. For example, profiling can be used as an auxiliary tool in the context of any client’s monitoring, when We fulfil our obligations of anti-money laundering and counter-terrorism and proliferation financing activities, taking into account the evaluation factors stipulated by the laws and regulations (e.g., services used, turnover of funds, type of activity etc). Taking into account the results of profiling, our employees may perform additional supervision or analysis of a client and take an individual decision. However, in some situations, the offer to receive an additional service or to change the cooperation conditions can be sent to a client automatically. Furthermore, We may automatically verify a client’s data in the registers and databases stipulated in the laws and regulations regarding the prevention of money laundering and terrorism and proliferation financing.
Disclosure of Your information
We may share Your personal information with any member of Our DECTA group, which means our subsidiaries, our ultimate holding company and its subsidiaries.
We may share Your information with selected third parties including:
- Business partners, suppliers and sub-contractors for the performance of any contract We enter into with You or them.
- Advertisers and advertising networks that require the data to select and serve relevant adverts to You and others on the internet.
- Analytics and search engine providers that assist Us in the improvement and optimisation of our site.
- Credit reference agencies for the purpose of assessing Your credit score where this is Our condition entering into a contract with You.
We may disclose Your personal information to third parties:
- In the event that We sell or buy any business or assets, in which case We may disclose Your personal data to the prospective seller or buyer of such business or assets.
- If any DECTA group company or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
Please note that in cases when We transfer or disclose information to any third parties We always carefully consider the conditions under which personal data will be processed and stored after transfer to other entities both in EEA and outside EEA.
Where We store Your personal data
The data that We collect from You may be stored at a destination or transferred to within and outside the United Kingdom and European Economic Area ("EEA"). It may also be processed by staff operating within or outside the EEA who work for Us or for one of our suppliers. Such staff may be engaged in, among other things, the fulfilment of Your order, the processing of Your payment details and the provision of support services. By submitting Your personal data, You agree to this transfer, storing or processing.
Certain data on Your visit in our Website, for the statistical and analytical purposes of the browsing on the Website and related purposes, may be transmitted or made available to entities both in the European Economic Area and outside it (please see Our Cookies Policy).
All information You provide to Us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology. Where We have given You (or where You have chosen) a password which enables You to access certain parts of our site, You are responsible for keeping this password confidential. We ask You not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although We will do our best to protect Your personal data, We cannot guarantee the security of Your data transmitted to our site; any transmission is at Your own risk. Once We have received Your information, We will use strict procedures and security features to try to prevent unauthorised access.
Data storage and retention
Please be informed that We always try to keep Your personal data for the shortest time possible.
However We will always keep Your personal data to protect our legal and legitimate interests for the period of time necessary to fulfil our mutual contractual obligations, until the legitimate period of potential claims has passed or to fulfil our legal obligations according to laws and regulations (for example, on general business activities, licensed activities, archiving and documentation, accountancy, anti-money laundering and terrorism financing and proliferation and other).
Please keep in mind that we keep personal data of candidates that have applied for a position with Us for no more than 6 months. If there is an open position competition, then the 6-month data retention period starts after the closure of the competition. However, you can always provide us with an explicit consent to keep your data for a longer time period if that is in your interests that we keep your data until a suitable position for you opens with Us.
In respect to Your personal data You have the rights:
- to get familiar with Your personal data and how it is processed,
- to demand correcting incorrect, inaccurate or incomplete data, erasing Your personal data or restricting the processing of Your personal data when personal data is processed without complying with legal requirements or when there is another legal basis,
- to withdraw Your consent of Your data processing at any time if personal data is processed on a separate consent basis. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal,
- the right to portability of personal data, receiving them in an electronic format with the purpose of transferring information to a third party, taking into account the restrictions stipulated by the laws and regulations;
Please keep in mind that Our site may, from time to time, contain links to and from the Websites of our partner networks, advertisers and affiliates. If You follow a link to any of these Websites, please note that these Websites have their own privacy policies and that We do not accept any responsibility or liability for these policies. Please check these policies before You submit any personal data to these Websites.
Access to information
You have the right to access information held about You. Your right of access can be exercised in accordance with legal acts on data protection.
Please keep in mind that where requests from You are manifestly unfounded or excessive, in particular because of their repetitive character, We have legal rights either:
(a) to charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested; or
(b) to refuse to act on the request.
Complaints and contacts
You can always exercise Your rights to protect Your personal data at any time in the first place by contacting Us at firstname.lastname@example.org.
In cases where You consider that Your personal data is being processed in a con-compliant manner or Your rights in connection with data processing are violated, You also have the right to contact the relevant data protection authority and file a complaint:
- the ICO is the UK's independent body set up to uphold information rights and more information can be found on their website https://ico.org.uk/,
- Data State Inspectorate (Datu valsts inspekcija) is the national Data Protection Authority for Latvia and more information can be found on their website https://www.dvi.gov.lv/lv
PART B – Corporate clients and corporate use of the site
Our corporate clients may use our website to submit a contact form in order to contact us and that may include personal data of natural persons related to the corporate client (for example, company representatives, directors, shareholders and ultimate beneficial owners).
By submitting any data via our website, the corporate client confirms that it is authorised and, specifically where required by laws governing personal data protection, has the necessary consents to disclose any personal data to us. We shall not be liable for any claim brought by any individual arising from an act or omission resulting from any corporate client’s failure to ensure that the transfer of the personal data was lawful under the applicable laws governing personal data protection.
E-Merchants may use www.decta.com to submit a form to Us containing information on the E-Merchant, the online electronic environment of the E-Merchant including how it offers its goods and services, its bank details, types of goods and services provided and the types of payment card accepted (the "E-Merchant Application"). The E-Merchant Application also contains personal data including the names and addresses of company directors and shareholders. By submitting the E-Merchant Application, the E-Merchant confirms that it is authorised and, specifically where required by laws governing personal data protection, has the necessary consents to disclose the personal data to us. We shall not be liable for any claim brought by any individual arising from an act or omission resulting from the E-Merchant's failure to ensure that the transfer of the personal data was lawful under the applicable laws governing personal data protection.
We will use this information to:
- evaluate the application to receive our services, to support the applicant in its acceptance and processing of card transactions;
- assess and determine the provisions of an agreement between a corporate client and Us;
- enable fraud protection and risk management processes such as checking third party sanctions lists and other databases to ensure that a client is eligible to receive our services;
- manage all billing and invoicing;
- offer a client other products and services; and
- comply with our legal compliance obligations.
We may share information supplied on an application with selected third parties such as:
- payment processors, credit reference and fraud prevention agencies; and
- any person if required by applicable law (including, without limitation, that refer to our statutory or regulatory reporting obligations).
The processing of any payment information on behalf of our corporate clients is governed by agreements made between Us and the relevant corporate client.