Website Stația de Plată SelfPay Now

Terms and conditions Privacy Policy Cookies Policy Terms and Conditions Open Banking Privacy Policy Open Banking

PERSONAL DATA PRIVACY NOTICE

I. INTRODUCTION

 IRIS Solutions OOD, UIC 204997709 (hereinafter referred to as “Iris“, “the Company” or “we“) is a legal entity, registered in the Bulgarian Commercial Register, with UIC  204997709, with registered office and management address in the city of Sofia, 111B Tsarigradsko Shose Blvd., Sofia Tech Park, Incubator Building, 1st floor, licensed to provide account information services in accordance with Article 4, item 7 and item 8 of the Bulgarian PSPSA, registered in the Register of Licensed Payment Institutions in the Republic of Bulgaria, administered by the Bulgarian National B; The Company is personal data controller within the meaning of the Personal Data Protection Act (PDPA) and collects, processes and stores your personal data under the terms of this Privacy Notice.

You can contact us at the following contact data:

Address: Sofia, 111B Tsarigradsko shose Blvd., Sofia Tech Park, Incubator Building

e-mail: bdo@irisbgsf.com

This Personal Data Privacy Notice (hereinafter referred to as the “Privacy Notice”) has been prepared and is based on the current Bulgarian and European legislation regarding personal data protection.

This Privacy Notice regulates the processing by Iris of personal data of Account Holders, who have entered into an agreement with SELFPAY SA in terms of processing of their Account Information and have given a valid Service authorization for initiating a request for facilitating and transfer of Account information from the primary Account Information controller to SELFPAY SA.

II. GENERAL PROVISIONS AND DEFINITIONS

The terms below have the following meaning for the purposes of this Privacy Notice:

“Account Information” means Account related unaggregated data, such as Account Holder`s name, Account number, balances, transaction history, etc., except for “sensitive payment data” as per art. 4, para. 12 of PSD2, generated and administered by an “account servicing payment service provider” as per art. 4, para. 17 of PSD2 as a primary data controller;

“Service” means facilitating of the transfer of Account Information from the primary Account Information controller to SELFPAY SA;

SELFPAY SA, with registered headquarters in Romania, Bucharest, 2^nd District, no. 153-155 Dacia Blv, 7^th floor, postal code 020057, incorporated under no. J40/9919/2009 with Trade Register, UIC 26067497, Fiscal attribute RO, registered, hereby represented by E-Pay Consulting SRL through Adrian Daniel Badeaherebyrecipient of the Service for further administration and use of the Account Information as per its arrangements with the Account Holder.

“GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

“Personal Data” means the information under section III, p. 1 to 3 herein below, as defined in Article 4, para. 1 of the GDPR (Regulation (EU) 2016/679).

III. COLLECTION OF PERSONAL DATA

We collect the following Personal Data about you with regard to the Service:

1. Name, surname, family name;
2. Payment account numbers (IBAN, BIC, );
3. Account balance and payment operations description (history);
4. E-mail.

By giving a valid Service authorization hereunder, you express your informed and explicit consent to provide your Personal Data in order to be collected and processed by us. Comprehensive information about the use of Personal Data by us can be found in this Privacy Notice.

IV. PURPOSE OF PROCESSING

We use your Personal Data for the following purposes:

• provide the Service;
• any inquiries or questions you have about our Service;
• compliance with other applicable regulatory requirements;
• inform you about changes in our General terms.

In the event that Iris plans to use your Personal Data for other purposes, we will notify you in advance and ask for your explicit consent.

V. GROUNDS FOR PROCESSING PERSONAL DATA:

• Providing the Service, we will transfer your Account Information to “SELFPAY SA” (“data subject to the Service”), whereas we shall ensure that such processing will always be in compliance with this Privacy Notice and any applicable laws.

We store your Account information only within the individual Account Holder’s session which is necessary to accomplish the particular Service and we do not have further access to this data. We shall provide your Account Information to SELFPAY SA  when you initiate the Service through SELFPAY SA’s client Application or through the website of SELFPAY SA.

• We may process the information contained in any inquiries and complaints you send to us about our services (“data for inquiries”).
• We may process all personal data specified in this Notice when necessary to establish, exercise or defend / against lawsuits / claims, whether in court proceedings or in administrative or out-of-court proceedings. The legal basis for this processing is our legitimate interests, namely the protection and enforcement of our legal rights, your legal rights and the legal rights of third parties.
• In addition to the specific purposes for which we may process your personal data set out in this Privacy Notice, we may also process your personal data when such processing is necessary to comply with a legal obligation.

VI. SECURITY

Iris uses reasonable electronic, human and technical measures to protect Personal Data from loss, theft, alteration or misuse. However, keep in mind that even the best security measures cannot completely eliminate all risks.

VII. YOUR RIGHTS

• The right to be informed

Iris will provide you with information about the processing when we collect personal data from you, as well as through privacy notices such as this.

• Right of access

You have the right to access your personal data and details of how we process them. You can request details about the personal data that the Company holds about you by contacting us at e- mail: bdo@irisbgsf.com.

• Right to rectification

You have the right to rectify or request rectification of your personal data if it is inaccurate or incomplete.

Iris makes its best effort to keep the personal data processed accurate and up-to-date. However, we rely on our customers to make sure that some of the information which is related to them, is accurate and up to date. We encourage customers to notify Iris in case of any changes to their information (for example, by updating your account information).

• Right to object

You have the right to object to certain uses of personal data, such as direct marketing.

• Right to be forgotten

You have the right to request that we delete or remove personal data from our records when there is no good reason to continue processing them. Where personal data are still needed for lawful purposes, it will not be possible to delete this data, so some requests may be rejected.

• Right to restriction of processing

You have the right to “block” the processing of personal data in limited circumstances. This right may be exercised:

1. If the accuracy of your personal data is disputed and needs to be verified;
2. If the processing is illegal, but you do not want the personal data to be deleted; or
3. If personal data is no longer required by Iris, but you want the data to be retained for legal

• Right to data portability

This right applies only to personal data that is provided to us in a structured, widely used and machine-readable format and which we process on the basis of your consent or to enter into a contract with you.

The right to data portability allows individuals to reuse their personal data in different services; allowing them to move or copy data from one organization to another if they choose.

• Right to withdraw your consent

When we process personal data on the basis of your consent, the consent should be freely expressed, specific, informed and unambiguous, given through a statement or clearly confirmatory action.  You have the right to withdraw your consent to the processing of your personal data at any time with a separate request addressed to Iris in the case of processing based on a given consent.

• Complaint to the supervisory authority

You have the right to lodge a complaint directly with the supervisory authority, the competent authority being the Commission for Personal Data Protection:

Commission for Personal Data Protection, Sofia, 1592, 2 Prof. Tsvetan Lazarov Blvd., tel: + 3592 / 91-53-518, E-Mail: kzld@cpdp.bg

In the event that you wish to exercise any of these rights, please contact us through the contacts provided in Section II of this Privacy Notice.

VIII. MISCELLANEOUS

Iris may update this Notice periodically by publishing a new version and all changes and additions to the Privacy Notice will be applied only after the publication of its current content.

Notwithstanding the above, we reserve the right to notify you at the email address you provide of changes to these policies. That is why you must always keep your contact details up to date.

If you have any questions or comments about this Privacy Notice, please contact us at bdo@irisbgsf.com.