OKTO Privacy Policy

Version 1

Privacy Policy

This Privacy Policy applies to personal information held by OKTOPAY CONNECT LTD as described below. It explains what information we’ll collect about you and how we’ll use it. It will also explain who we may share your information with and when. It also describes what we’ll do to make sure it stays safe and secure. This continues to apply even if your agreement for services with us ends. This policy should also be read alongside our specific Terms and Conditions.

Some links on our website lead to other providers outside OKTOPAY CONNECT LTD. These have their own privacy notices, which may be different to those on our website. You should confirm you are comfortable with the privacy notices on those sites before proceeding on them.

By “you” we are referring to you, or any persons authorised to operate on your account. This will include anyone with power of attorney, trustees, executors, or any other authorised signatory. By “we” the policy is referring to OKTOPAY CONNECT LTD. Unless otherwise stated below, the data controller for the purposes of this policy is OKTOPAY CONNECT LTD.

The address for OKTOPAY CONNECT LTD is Klimentos 25B, Agios Antonios, 1061, Nicosia Cyprus. If you’d like to get in touch with us, you can also find contact details below.

What do we collect?

We will only collect information about you that is permitted or required by our regulators and the law. We may collect it from a number of sources, such as from our products or services you apply for, currently use, hold or have used in the past. We may also collect information about you through your interactions with us, for example when you visit our website, use our app, call us, or request information on any of our products and services.

Some of the information we hold will be sourced directly from you, for example the ID provided when you opened an account. It may also have been provided by your financial advisor, broker, employer, or any other sources you request we obtain information from. We might also get some from publicly available places.

The information we collect may include:

Information requested from you directly:

  • personal details (name, surname, date / place of birth)
  • contact details (home address, working address, email address, telephone numbers)
  • ID documents (ID or passport information, nationality, photo)
  • user login data (account login details: username and password)
  • data concerning your financial situation (tax certificate, data related to your profession, salary/income, wealth, source of income, source of wealth, turnover, account purpose)
  • other information about you that you give us when you fill forms in or by communicating with us, whether by phone, email, online, or otherwise;
  • information about your personal location and your contact list (when supported by the services): Before collecting this information, we will inform you about the purposes and ask for your consent.

The Information we collect about you, and what might share about you:

  • financial/transactional information such as the way you use our services, transactional data (transactions records, frequency, amounts, locations, recipients, transactions number, currency, banking information [iban])
  • details about your relationship with us. This will include the way you interact with us, and information on any complaints you have raised, or any disputes;
  • information we use to identify you (signature, facial recognition, or information from external sources required for compliance purposes);
  • marketing and sales information (details of the services you receive information about, and any preferences expressed)
  • information about any devices or the software you use to access your accounts (IP address, technical specification and uniquely identifying data)
  • cookies and similar technologies we use to recognise you, remember your preferences and tailor the content we provide to you – our cookie policy contains more details about how we use cookies and can be found at (insert link)
  • investigations results (due diligence checks, anti-money laundering reviews, sanctions screening results, external intelligence reports, or content and metadata related to relevant exchanges)
  • communication with the business (calls, letters, emails, voicemail, live chat etc)
  • any information is required to collect to meet our regulatory obligations;
  • any suspicious and unusual activity reports, and information about parties connected to you or these activities.

Information obtained from other sources:

  • information you’ve asked us to collect for you (details about your account with us or other companies, including transaction data);
  • information from third party providers that helps us to deter or detect fraud.

What will we do with your information?

We will only use your information if we have your permission, or we are required to for legal or regulatory reasons. These could include:

  • to enter into or carry out any agreements we have with you;
  • where we are required to legally or by our regulator;
  • where it serves the public interest for us to do so. For example, to prevent money laundering or the financing of terrorism.
  • to confirm or exercise our legal rights, and protect our legitimate interests;

How we use your information:

  • to identify you and to verify that you are at least 18 years old
  • to provide our products and services;
  • when we act on your instructions (make a transfer of funds, update our record, provide you with location-based information);
  • to constructively manage our relationship with you;
  • deterring and detecting criminal activity, including fraud and other financial crime;
  • to send you newsletters and to inform you about marketing offers via e-mail and/or phone calls;
  • to manage queries, to handle complaints, enquiries and technical support matters;
  • to contact you if there is a problem with you account;
  • the continual development of our products and services;
  • asserting our legal rights where required;
  • complying with our legal obligations;
  • carrying out system or product development and planning;
  • insurance, audit, and administrative purposes;
  • to recover any funds that you may owe us.

Further details of how we’ll use your information can be found in the Appendix below.

How we make decisions about you:

OKTOPAY CONNECT LTD may use automated systems to help us make some of our decisions when you apply for a product, or undertake periodic reviews to prevent fraud or money laundering. We may also use automated monitoring systems to monitor account activity to protect your accounts against potential financial crime.

You have a right to certain information about how we make these decisions and ask for a decision to be made by a person instead of a computer. More details can be found in the ‘Your rights’ section below.

Monitoring or recording what you say or do:

We work hard to keep both you and your money safe. To help us do this more effectively we may keep a record of your communications with us, this could include phone calls, emails, live chats, video chats and any additional method you choose to communicate with us. We use these to confirm your instructions to us, improve our service, develop our staff training, identify risks, and to more effectively deter and detect potential fraud and other crimes. We may also keep a record of additional information, for example the telephone numbers that you call us from, or the devices or software that you use.

Compliance with laws and regulatory compliance obligations:

OKTOPAY CONNECT LTD uses your information to comply with our legal and regulatory obligations. We will share your information with our regulators, and potentially other authorities with legal jurisdiction, when required to do so. This information may be required to help detect or prevent crimes such as financing terrorism, money laundering, people trafficking, or other financial crimes. We will only do this if it is required to comply with a regulatory or legal requirement, it’s in our legitimate interests and that of others, or to prevent or detect criminal activity.

Marketing:

We may use your information to provide you with details of our services. Depending on the preferences you listed, we may send you newsletter and other marketing messages by email, telephone, or text. You can alter your preferences at any time, either on how you receive marketing messages, or you can stop receiving them at all. To change your preferences just follow the instructions in each marketing e-mail or contact us in the usual way. If you decide you no longer wish to receive marketing messages from us, we will continue to use your contact details to send you important information, such as changes to your terms and conditions. We may also need to contact you to advise you of any information required for us to meet our regulatory or legal obligations to you as a customer of OKTOPAY CONNECT LTD.

Sharing your information

OKTOPAY CONNECT LTD is obliged to disclose your information to UAB “Payrnet” which is an Electronic Money Institution (“EMI”) authorised by the Bank of Lithuania under the Law on Electronic Money and Electronic Money Institutions (license reference 72, issued on 2020-08-28) for the issuing of electronic money and provision of the related payment services. OKTOPAY CONNECT LTD acts as distributor of UAB “Payrnet”. We and UAB “Payrnet” will process your information as independent controllers. You can find more information with respect to the processing of your personal data by UAB “Payrnet” in its Privacy Policy at https://railsbank.com/payrnet .

We may share your information with others where lawful to do so including where we or they:

  • need to in order to provide you with services you’ve asked for;
  • need to in order to administer your claim;
  • have a public or legal duty to do so, e.g. to help with detecting and preventing fraud, tax evasion and financial crime;
  • need to for any regulatory reporting, litigation or asserting or defending legal rights and interests;
  • wish to send marketing to you or others, where you’ve given us your permission, or it’s within our legitimate interest to do so;
  • have a legitimate business reason for doing so, e.g. to manage risk, confirm your identity, or check your suitability for services;
  • have asked you for your permission to share it, and you’ve agreed.

We may share your information for these purposes with others including:

  • collaborating companies which provide us with cloud services, ID and address verification services, as well as services related to AML checks (on PEP, sanctions lists etc) and to our accountants, auditors and tax advisors;
  • media agencies and technical suppliers for distribution of promotional messaging;
    we never pass on, sell or swap your information for marketing purposes to third parties;
  • third parties, such as technology providers and other cooperating companies, only if necessary, in order to handle your requests and/or your complaints. Also, we may share your information with our legal advisors if required in order to handle complaints or requests;
  • competent authorities if this is required in order for us to comply with the applicable legislation (i.e. mainly with obligations regarding reporting of suspicious transactions); please note that the competent authorities will process your information as independent controllers;
  • other subsidiaries or holding companies of OKTOPAY CONNECT LTD and any subcontractors, agents or service providers who work for us or provide services to us (including their employees, sub-contractors, service providers, directors and officers);
  • any joint account holders, trustees, beneficiaries or executors;
  • people who have provided guarantees or any other security for any money you owe us;
  • people you make payments to and receive payments from;
  • your beneficiaries, intermediaries, correspondent and agent banks, clearing houses, clearing or settlement systems, market counterparties and any companies you hold securities in through us, e.g. stocks, bonds or options;
  • tax authorities, payment service providers and debt recovery agents, or potentially any trade associations;
  • any people or companies in connection with potential or actual corporate restructuring, merger, acquisition or takeover, including any transfer or potential transfer of any of our rights or duties under our agreement with you;
  • government or law enforcement agencies, the courts, arbitration services, our regulators, auditors and any party appointed or asked for by our regulators to carry out investigations or audits of our activities;
  • parties involved in any disputes, including disputed transactions;
  • fraud prevention agencies using it to detect and prevent fraud and other financial crime and to confirm your identity;
  • anyone who provides instructions or operates any of your accounts on your behalf, e.g. Power of Attorney, solicitors, intermediaries, etc;
  • anybody else that we have been instructed to share your information with, by either you, a joint account holder, or anybody else authorised to operate any of your accounts on your behalf;
  • our card processing supplier(s) to carry out fraud and risk checks, process your payments, issue and manage your card;

Sharing aggregated or anonymised information

We may share aggregated or anonymised information within and outside of OKTOPAY CONNECT LTD with partners such as research groups, universities or advertisers. You won’t be able to be identified from this information.

How long will we keep your information

In order to comply with our legal and regulatory obligations OKTOPAY CONNECT LTD will normally retain your main banking information for a period of five years from when our relationship with you ends. We may also use your information where we have a legitimate purpose. For example managing your account, and dealing with any disputes or concerns that may arise.

It may be necessary for us to retain your information for longer where we may need it to comply with regulatory or legal requirements. For example help detect or prevent fraud or other financial crime, or answer requests from regulators, etc.

Where we no longer require your information for this length of time, we may destroy, delete or anonymise it sooner.

Transferring your information overseas

Your information may be transferred to and stored in locations outside the European Economic Area (EEA), this may include countries that do not have the same level of protection for personal information as those in your home country, and therefore are not considered by an adequacy decision of the European Commission, to provide for an adequate level of data protection comparable to the level of protection in the EU. If we do this we will ensure an appropriate level of protection is put in place, including by implementing contractual safeguards on the basis of the EU Standard Contractual Clauses, and that any transfer of data aligns with the applicable regulatory and legal requirements. The reason for any transfer of your information will be to fulfil our contract with you, to comply with our legal obligations, to act in the public interest, or to protect our legitimate interests.
In some countries the law might require that we share certain information, e.g. with tax authorities. We will only share your information with people who have the right to see it.

If you would like more information on how we protect your information when transferring it outside of the EEA regions please contact us.

Your rights

You have a number of rights in relation to the information OKTOPAY CONNECT LTD holds about you. These rights include:

  • the right to see information we hold about you and to get information about what we do with it (right to access);
  • in certain circumstances you have the right to withdraw your permission for our processing of your information. You can do this at any time. We may continue to process your information if we have another legitimate reason for doing so or are required to for regulatory or legal compliance purposes (right to withdraw your consent);
  • in some circumstances, the right to receive certain information you have provided to us in an electronic format and/or ask that we send it to a third party (right to portability);
  • the right to request that we update our records or correct any errors in the information we hold about you (right to rectification);
  • the right to request that we delete the information we hold about you. As above, we may continue to process your information if we have a legitimate reason for doing so or are required to for regulatory or legal compliance purposes (right to erasure);
  • the right to object to how we process your information in some circumstances, and to ask that we limit how we do this. There may be situations where you object to, or ask us to limit our processing of your information but we’re entitled to continue and/or to refuse that request (right to object and right to restriction).

You can exercise your rights by contacting us using the details set out in the ‘More details about your information’ section below. You also have a right to complain to the Commissioner for personal data protection in Cyprus, or to the data protection regulator and/or any other competent supervisory authority in the country where you live.

Financial Crime Checks

Fraud Prevention Agencies

OKTOPAY CONNECT LTD will carry out checks with fraud prevention agencies to help us prevent fraud and money laundering, and also to confirm your identity before we provide services to you.

These checks require us to process personal information about you. The personal information you provide for us, that we have collected from you directly, or that we have received from a third party. This will include information such as your name, surname, address, date of birth, contact details, financial information, employment details, and device identifiers.

We, and fraud prevention agencies, will enable law enforcement agencies to access and use your personal data if required to do so to identify, investigate, and prevent crime.

We will process your personal data on the basis that we have a legitimate interest in preventing fraud and money laundering and to confirm your identity. This allows us to protect our business and to comply with laws that apply to us, as well as allowing us to more effectively protect your interests as a customer. This processing is also a contractual requirement of any of our products or services you wish to use.

Fraud prevention agencies (e.g. KYC providers providing AML screening) can hold your personal data for different periods of time. If they’re concerned about a possible fraud or money laundering risk, your data can be held by them for up to six years.

Consequences of Processing

OKTOPAY CONNECT LTD may decline your application for the services if we, or a fraud prevention agency, believe there is a risk of fraud, money laundering, or any other criminal activity. It is also possible that we will withdraw the provision of an existing service, or close your account(s). A record of any identified fraud or money laundering risks identified will be maintained by fraud prevention agencies, and this may have an impact on your ability to obtain products and services from other institutions.

What we need from you

You are responsible for ensuring the information we hold on you is accurate and up to date. If there are any changes to your circumstances you must let us know as soon as possible. If you are providing information on behalf of another person, for example a joint account holder, or a dependent, you need to direct them to this notice.

How is your information secured

We use a number of processes and procedures to safeguard your information and ensure it remains secure, such as encryption and other forms of security. We require our staff and any third parties working on our behalf to strictly adhere to all of our compliance standards, including their obligations to ensure the protection of all customer information. Procedures are in place governing how to apply appropriate measures for the use and transfer of this information.

More details about your information

You can contact our Data Protection Officer (DPO) by writing to dpo@oktopay.eu , marking your letter “For the attention of the DPO”.

You can exercise your rights, by writing to dpo@oktopay.eu .

This Privacy Policy may be updated from time to time and the most recent version can be found at www.oktowallet.com.

 

Appendix – How we process your information

We’ll use your information for purposes including:

  • To process your application for our services, manage your accounts, and process your transactions. This is required to meet the terms and conditions of our contract with you;
  • To process your information to ensure our services operate within our regulatory and legal obligations, and ensure your rights and interests are protected. For example, the management of any complaints. They are considered to be lawful reasons that allow us to protect our legitimate interest, meet our legal obligation, and to perform our contract with you;
  • To deter and detect crime such as fraud, terrorist financing, or money laundering. This will require ongoing risk assessments that will include monitoring account activity, undertaking customer due diligence, name screening, transaction screening and customer risk stratification. We do this in order to meet our legal and regulatory obligations. And because it is both our, and your, legitimate interests. We may choose to share your information with relevant agencies, such as law enforcement or other legitimate third parties, where the law allows us to for the purpose of preventing or detecting crime. This is to comply with our legal and regulatory obligations to prevent or detect crime, or it’s in the public interest, or in the legitimate interest of OKTOPAY CONNECT LTD and our customers. We may be required to use your information for these purposes, even if you have requested we stop using your information. That could include, but is not limited to:

○ for screening, investigating, and potentially intercepting any payments, instructions or communications you send or receive;
○ to investigate who you are sending funds to, and who you are receiving funds from;
○ to forward information to relevant agencies if we believe you have provided false or inaccurate information, or we suspect criminal activity;
○ combining the information we have about you with information held by other members of the OKTOPAY group help our overall understanding any potential risk;
○ Confirming if the people or organisations you are sending funds to, or receiving funds from, are who they say they are, and are not subject to any sanctions.

  • Risk management:
    ○ OKTOPAY CONNECT LIMITED will use your information to help estimate the probability of a financial, legal, regulatory, or reputational risk. As well as any compliance, financial crime, or customer risk.
  • Online Platform and Mobile App:
    ○ the information you give us allows us to provide you with access to OKTOPAY CONNECT LTD’s online platform and mobile app. This platform and mobile app allows you to directly or indirectly interact with us, as well as apply for our services. It is legally permissible for us to use your information in this way, as well as allowing us to continue to develop our customer offering and fulfil our contract with you. This is in both the legitimate interest of OKTOPAY CONNECT LTD and you as our customer;
  • Services improvement:
    ○ where possible, we will analyse your information, possibly aggregated with other customer’s information, to identify potential service improvements. We can legally process your information for this purpose as it is in the legitimate interests of the business, and our customers, to continually improve the products and services we offer our customers;
  • Data analytics:

○ OKTOPAY CONNECT LTD will analyse your information to help us identify opportunities to promote our services to both new and existing customers. It will also help us understand how you, and other customers, use our services and how we can improve these. This may include reviewing historical customer transactional activity. This will help us provide you with information on the services we offer that we believe will be useful to you. Legally, this is in both our and your legitimate interests.

  • Marketing:
    ○ we will use the information we have about you to help provide you information on services we believe would be suitable for you. We may contact you by email, telephone, text, depending on your preferences. You can change these preferences at any time, just contacting us in the usual way.
  • Protecting our legal rights:
    ○ it may be necessary to use your information to protect our legal rights, for example to protect or defend our legal rights and interests. This may include pursuing monies owed to OKTOPAY CONNECT LTD, protecting the security of our business, defending our intellectual rights during court action, investigating and managing complaints within policy, or resolving disputes. We may have to use the information we hold about you if we are forced to take action against you, any joint borrowers, or any guarantors for a debt you owe us. Legally, it is in our legitimate interests to do this.
Download the app
OKTO.WALLET (Spain)
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.