- Please read the Policy carefully in order to understand how we process your personal data so that you understand what we do with your personal data, why we use your personal data, who we share your personal data with, the circumstances in which we will share it, the steps we will take to keep it secure, the options available to you and your rights.
- We respect your privacy and take protection of your data very seriously and are committed to handling the data of those we engage with, whether customers, suppliers or colleagues, responsibly and in a way that meets the legal requirements of the countries in which we operate.
When used throughout the text of this Policy:
Moneff, us, we or our each means Safenetpay ApS (second Danish company name – Moneff) with registered address at Gammel Kongevej 1, 1610, Denmark.
‘You’ or ‘your’ means any natural or legal person who interacts with us, uses our website or the products and services we provide;
Personal data is the information that can be used to uniquely identify an individual;
Processing of data means the carrying out of any operation or set of operations in relation to personal data, including recording, holding, organisation, adaption or alteration, retrieval, combination, transmission and erasure or destruction.
Non-personal data is information that will not allow a specific individual to be identified;
Data denotes personal data and/or non-personal data.
Data controller is Safenetpay ApS, and as the data controller we determine the purposes and the means of processing personal and non-personal data.
3. About Moneff
We are an authorised electronic money institution regulated by the Danish FSA. Our CVR number is 40860320.
For the purposes of this Policy, the GDPR - Moneff is the data controller.
If you have any questions about how we protect or use your data, please email us at [email protected]
- We will occasionally ask for your specific consent to collect and process your personal data under section 5 of the Policy.
- We may ask your consent to share your personal data with Moneff's group of companies (in particular, Safenetpay Services Company Limited, UK) in order to provide you with the best services and products.
- The disclosure of your personal data to third parties will be explicitly based on your consent or our contractual or legal obligation.
- You have the right to withdraw your consent at any time by sending a request to [email protected] in case where explicit consent has been given to process your data.
5. Data we collect about you
5.1. We collect and process the following data:
- If you are user of our website and not our customer:
- data we collect about you when you communicate with us (for example, where you make an enquiry and expect us to address it, it may include your full name, phone number, your emails and letters.)
- information about the visit to the website (collected based on the consent you give):
- full Uniform Resource Locators (URL), clickstream to, through and from website (including date and time); products and services which are viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information such as scrolling, clicks, and mouse-overs, methods used to browse away from the page (if the respective cookie settings are enabled by the user);
- technical information, including the internet protocol (IP) address used to connect your computer to the internet, your login information, the browser type and version, the time zone setting, the operating system and platform, the type of device you use, mobile network information, your mobile operating system and the type of mobile browser you use;
- your submitted job applications with the data therein where it is applicable.
- If you are our customer:
- data which you give to us (it may include your company name and information about ultimate beneficial owners, including name, address, email address, phone number, date of birth, biometric data (fingerprints), data related to face ID, identity documents, username (or similar identifier), occupation and company information, staff structure (for companies), website contact details, etc.) for our KYC purposes; The processing of data is based on AML requirements.
- data we collect about you when you communicate with us and when you use our products or services (it may include financial data, phone number, your account details, emails and letters); Data are processed to fulfil the contractual obligations we have with you due to the customer relation.
- data on transactions (for example, payments into and out of your account), including the date, time, amount, currencies, exchange rate, beneficiary details, details of the merchant associated with the transaction, IP address, counterparty name and registration information, geographic location from where the transaction originates or sent to; Data are processed to fulfil the contractual obligations we have with you due to the customer relation as well as to fulfil legal obligations derived from AML and financial regulation requirements.
- data we collect automatically about you when you use our mobile application: technical information, including the Internet protocol (IP) address used to connect the computer, mobile or other device to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, mobile phone network. We collect this information based on the consent you give choosing from available options when you visit our website and on the ground of the contractual relationship with you as a customer.
5.2. We obtain and confirm your data from the following sources:
- If you are user of our website, we collect the data automatically by means of the cookies you agreed to, advertising networks, analytics providers and search information providers may provide us with pseudonymised information about you, such as confirming how you found our website.
- If you are a non-customer but intend to become our customer, we may collect the data from you, publicly available sources, business partners and other third parties in order to take steps at your request prior to entering into a contract with us.
- If you are a customer, we may collect the data from you as part of our KYC process, publicly available sources, business partners, banks that you use to transfer funds to/from us, commercial registers, counterparties when you use our services and products. Periodically, we may conduct a soft check of credit files which may leave small traces on them but will not affect the file itself.
5.3. We will take reasonable steps to ensure that data which you provide to us is:
- accurate, complete, and current;
- adequate and relevant;
- limited to what is necessary in relation to the purposes for which they are processed;
- kept in a form which permits your identification for no longer than is necessary for the purposes for which the data is processed, unless a longer retention is required or allowed under applicable law.
If you find that data is not accurate, you have the right to correction of data. You can read about your rights in section 13b (right to rectification) below.
6. Risk assessment
- We take reasonable steps to ensure that data is accurate, complete and current, adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
- We may make automated decisions by using technology that can assess your circumstances and other factors to predict and evaluate associated risks. We do this to comply with our regulatory obligations. Risk assessment also allows us to run our business efficiently and to ensure our decisions are informed and consistent. Where the automated assessment cannot be completed, we evaluate your data manually.
8. Use of your data
- We will use your data for the following purposes:
- to enter into a contract with you or to carry out our contractual obligations we owe to you where it is applicable;
- to pursue our legitimate interests in providing and marketing our products and services to you;
- improving our website and interactions with you and other users of our products and services;
- to comply with applicable legal and/or regulatory requirements;
- to process your job application where it is applicable;
- to send periodic emails or mobile application notifications regarding your Moneff account, our products and services and changes to them as well as the customer support services;
- to improve our products and services, and to ensure that they are presented in the most effective manner;
- to adhere to government regulations or guidance or to pursue any legitimate business interest;
- as may be required or requested by any judicial process or governmental agency having or claiming jurisdiction over Moneff or Moneff’s affiliates;
- to follow up with you after correspondence (online or mobile application live chat, email), answer your questions or resolve queries;
- to provide staff training and evaluation (for example, in customer service quality assurance);
- to prepare internal reports for use by Moneff or any of Moneff’s affiliates, staff, management, and consultants for the purposes of operating, evaluating, and managing Moneff’s business;
- to manage risk exposures and protect data subjects against or prevent actual or potential fraud, unauthorised transactions, claims, or other liability including to third parties providing these services;
- to combine data we receive from other sources with the data you give to us. We may use such data or the combined data for the purposes set out above (depending on the types of data we receive).
- If you wish to change how we use your data, please refer to section ‘Your rights’ below.
- If you choose not to share your data with us, or refuse certain contact permissions, we might not be able to provide some services or products which are asked for.
9. Disclosure of data
- Based on the relevant adequacy decisions (Commission Implementing Decision of 28.6.2021 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate protection of personal data by the UK), we may share your data within Moneff group of companies (Safenetpay Services Company Limited, UK) in order to provide you with the best products and services if you are our customer.
- We will not sell, trade, or otherwise transfer your data to third parties unless we act on a valid legal or contractual basis and provide you with an advance notice. This does not include website hosting partners and other parties who assist us in operating our website, conducting our business or serving our customers, so long as those parties agree to keep this data confidential or are under regulatory obligations to protect your data.
- We may further disclose your data to third parties:
- affiliates, business partners, suppliers (suppliers who provide us with IT, payment and delivery services, our banking and financial services partners and payments networks, etc) and subcontractors for the performance and execution of any contract we enter into with you;
- third parties that pay money into your Moneff account (this may be necessary to confirm that the payment has been made to the correct account, or, for example, to claim back a payment made to your account by mistake) when you are our customer;
- if we are under a duty to disclose or share your data in order to comply with any legal or regulatory obligation;
- to assist us in conducting or co-operating in investigations of fraud or other illegal activity where we believe it is reasonable and appropriate to do so to check your identity, protect against fraud, keep to anti-money laundering regulations and confirm that you are eligible to use our products and services;
- to prevent and detect fraud or other illegal activity;
- where you have asked us to share your data based on a specific consent.
data can be disclosed to auditors and tax authorities and be also provided in the course of audit by or reporting to the Danish Supervisory Authority or data protection authorities.
10. Retention period of data
- The periods for which we retain your data are determined based on the purposes for which Moneff processes the data. The data will be retained as long as the purpose for which the data is lawfully processed exists. If the processing is based on consent the retention will follow the specific retention period in the given consent.
- In general, once no longer needed for a legitimate business purpose or reason, your data will be deleted, or we may anonymise or aggregate it with other data to make it non-personal.
- We keep your data in a form which permits your identification for no longer than is necessary for the purposes for which this data is processed unless a longer retention is required or allowed under applicable law and regulations.
- Generally, we keep your data for 5 years after our business relationship ends or for such other periods as may be required by applicable law and regulations.
11. Storing and transfer of data
- We store your data on our secure servers located in the UK and the European Union.
- We may transfer your data outside the European Economic Area (EEA) in connection with the provision of our products and services to you based on any lawful data transfer mechanism that provides an adequate level of protection under the EU/EEA data protection legislation.
- For example, if you ask to make an international payment, we will send funds to banks outside of the EEA.
- If you are our customer or wish to become our customer, we may share your data with credit-reference agencies and fraud-prevention agencies that are based outside of the United Kingdom or EEA.
- We comply with mandatory standards pertaining to the storage, safeguarding, transmission of your data.
- We will take all reasonable steps to make sure that your data is handled securely and in line with this Policy and applicable data protection regulations. If we reasonably believe that an unauthorised person accessed or may have accessed the account, then we will take necessary measures to notify you in writing.
- Please note that we can realistically achieve the secure transmission of data via the Internet based on secure login as well as security in the transport layer and higher host layers only as envisaged by the OSI (Open System Interconnection) model (ISO 35.100).
- Once we have received your data, we will use strict procedures and security features to try to prevent unauthorised access, loss or damage.
12. How we protect your data
- We use regular malware scanning for security breaches and known vulnerabilities in order to make your visit to our website as safe as possible.
- The data is contained behind secured networks.
- We limit access to your data to those employees who need to have access in order to perform their job duties and who are required to keep the data confidential.
- Communication over the internet between you and us is encrypted using strong asymmetric encryption. The provided data is encrypted via Secure Socket Layer (SSL) technology.
- We implement security measures and update our servers regularly in order to maintain their effectiveness when users place an order, enter, submit, or access their data.
- We periodically conduct the training on the significance of confidentiality and privacy of the data we collect.
13. Your rights
You have certain rights under the data protection legislation, including the following:
- Right to view information (right of access)
You have the right to gain insight into the information we process about you and to request access to all copies of your data that we hold and we will provide you with further details on the use we make of your data.
- Right to rectification (correction)
You have the right to have incorrect information about yourself corrected if it is inaccurate or that we complete data if it is incomplete.
- Right to erasure
In special cases, you have the right to have information about you deleted before the time of our general deletion occurs. Your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime) and legal and regulatory requirements. For example: we may not be able to agree to your request to delete data.
As a regulated financial services provider, in certain cases such as to comply with anti-money laundering requirements, we must keep your data even when you ask us to delete it. We will let you know if we cannot delete your data.
If you are no longer our customer and you have closed your Moneff account, we may not be able to delete your entire file because these regulatory responsibilities take priority.
For security reasons, we cannot deal with your request if we are not sure of your identity, so we may ask you for proof of your ID.
- Right to restriction of processing
We will only use your information for the lawful purposes for which it was collected.
In certain cases, you have the right to have the processing of your personal data restricted. If you have the right to have the processing restricted, we may in future only process the data – except for storage – with your consent, or for the purpose of establishing, asserting, or defending legal claims, or to protect a person or important public interests.
- Right to object
In certain cases, you have the right to object to our otherwise lawful processing of your personal data. You can also object to the processing of your data for direct marketing purposes.
- Right to transmit information (data portability)
In certain cases, you have the right to receive the personal data you have provided yourself in a structured, commonly used, and machine-readable format and to have this personal data transferred from one controller to another without hindrance.
- Use of automated decision-making, including profiling
We develop and implement appropriate procedures for handling your requests to exercise your rights of (a) access, (b) rectification, (c) erasure, (d) portability, (e) restriction, (f) objection, and (g) not being subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects you.
You can read more about your rights in the Danish Data Protection Agency's website on the rights of data subjects, which you can find on datatilsynet.dk.
14. How will we keep you updated on how we use your data?
- If we wish to change the way we process your data or contemplate using data for a different purpose, we will update this Policy accordingly.
- If we wish to change the way we process your data that we already hold or contemplate using such data for a purpose which you have not agreed to, we will seek your separate consent.
15. Third-party links
Our website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If we indicate a link to any of these websites, please note that (1) these websites have their own privacy policies and we do not accept any responsibility or liability for these policies and (2) third-party products or services are not included for the purposes to offer them on our website.
Any changes to the Policy will be posted on our website. Please check our website regularly to see any updates or changes to the Policy. If we change the way we use your data, we will update this Policy and, if appropriate, let you know through our website or other means.
If you feel that we have not addressed your questions or concerns adequately, or you believe that your data protection or privacy rights have been infringed, you can contact us in the first instance through submission of your complaint to us in the first instance by contacting us through the following address and email: Gammel Kongevej 1, 1610, Copenhagen. Email: [email protected]
We are required to verify the identity in order to process the request and may ask to provide valid identification documents to allow Moneff to do so.
You can also complain to the Danish Data Protection Agency at any time about our processing of your personal data. However, we encourage you to first contact us if you believe that we have processed your personal data in violation of the personal data regulation. That way you can get our explanation of the matter. You can contact the Danish Data Protection Agency by email at [email protected] or read more on datatilsynet.dk. (the state authority) if you are unhappy with how we have used your data.