Porterpays understands that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of everyone who visits our websites, (“Our Sites”) or uses our Services. We will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under the law.
Means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data or an online identifier;
Means a Porterpays user account;
Means a small text file placed on your device by our site when you visit our site or use certain features of our services;
Means the relevant parts of the Privacy and Electronic Communications (EC Directive) Regulations 2013;
Means any method or way that we handle Personal Data such as collection, organisation, storage, adaption, alteration, transmission, dissemination, restriction, erasure or destruction;
Means any Porterpays service, content, features, function, website and applications;
Means the business requirements to manage and offer the Porterpays services or to comply with legal obligations;
The organisation size is between 3 to 10 employees. The business is solely located in Malta
DATA CONTROLLER DETAILS
Email Address: email@example.com
Postal Address: 7, Robert Mifsud Bonnici Street, Lija LJA1401, MALTA
DATA PROTECTION OFFICER DETAILS
Name: Brian Vella
Email Address: firstname.lastname@example.org
Description of Processing
We may process your personal data for various reasons that are justified under the data protection legislation. These include:
To operate the website and provide payment and associated services, authenticate your access to an account or to correspond with you and offer support
To perform compliance checks, such as verification of your identity, and helping to detect fraudulent or malicious activity on our site or services
To maintain our accounts and records
To manage our business needs, such as monitoring, analysing, and improving the Services and the Sites’ performance functionality
To comply with all applicable laws and regulations
With your permission and/or where permitted by law, we may also use your personal data:
For marketing purposes, which may include contacting you by email with information, news, and offers on our products or services. You will not be sent any unlawful marketing or spam. We may also process your personal data to tailor certain services or site experiences to better match our understanding of your interests.
We will only use your personal data for the purpose(s) for which it was originally collected unless we reasonably believe that another purpose is compatible with that or those original purpose(s) and need to use your personal data for that purpose. If we need to use your personal data for a purpose that is unrelated to, or incompatible with, the purpose(s) for which it was originally collected, we will inform you and explain the legal basis which allows us to do so.*In some circumstances, where permitted or required by law, we may process your personal data without your knowledge or consent. This will only be done within the bounds of the Data Protection Legislation and your legal rights.
CUSTOMER SUPPORT INFORMATION FROM THE WEBSITE CONTACT FORM, CONTACT EMAIL ADDRESS OR SUPPORT EMAIL, SUPPORT@PORTERPAYS.COM
Support information and other communications received through the website contact form or support emails, including:
Your company/organisation details
For business users who make use of our services and business consoles we may collect:
Business address / city / state / country / postal code
Title, name, surname
Business phone number, mobile number
Authentication details / security question and answer
Travel agency customer personal and travel details, such as contact details and travel details
Credit card details
TRANSACTION AND ASSOCIATED INFORMATION
Service provider(s) involved in the transaction
Funding instruments and/or bank account details
Merchant(s) where spending is done using a virtual card
Session information: login attempts, login IP address(es), session information, login browser user agent(s), geolocation information
We will not keep your personal data for any longer than is necessary considering the reason(s) for which it was first collected. For example, we keep your personal account information for a period of six years from the closure of account or termination of business relationship.
This enables us to comply with legal and regulatory requirements or use it where we need to for our legitimate interests such as managing your account and dealing with any disputes or concerns that may arise. We may need to retain your information for a longer period where we need the information to comply with regulatory or legal requirements or where we may need it for our legitimate business purposes, such as to respond to queries or complaints, fighting fraud and financial crime and responding to requests from regulators. Information that exceeds the retention periods is deleted or removed using industry best practices.
By using our Site, you may also receive certain third-party Cookies on your computer or device. Third-party Cookies are those placed by websites, services, and/or parties other than us. For more details, please refer to the table below. All Cookies used by and on our Site are used in accordance with current Cookie Law.
You will be required to provide cookie consent by acknowledging the privacy and cookie policies during the registration of your account. By giving your consent to the placing of Cookies you are enabling us to provide the best possible experience and service to you. You may, if you wish, deny consent to the placing of Cookies. However, certain features of our Site may not function fully or as intended.
You can choose to delete Cookies on your computer or device at any time. However, you may lose any information that enables you to access Our Site more quickly and efficiently including, but not limited to, login and personalisation settings. It is recommended that you keep your internet browser and operating system up-to-date and that you consult the help and guidance provided by the developer of your internet browser and manufacturer of your computer or device if you are unsure about adjusting your privacy settings.
Certain features of Our Site depend on Cookies to function. Cookie Law deems these Cookies to be “strictly necessary”. Your consent will not be sought to place these Cookies, but it is still important that you are aware of them. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. You may choose to enable or disable Cookies on your device by referring to https://allaboutdnt.com/#adjust-settings. However, if you do not accept cookies, you may not be able to use some portions of our Service.
We use the following cookies:
STRICTLY NECESSARY COOKIES
These are cookies that are required for the operation of Our Site. They include, for example, cookies that enable you to log into secure areas of our website.
ANALYTICS PERFORMANCE COOKIES
We use third-party analytics providers, such as Google Analytics to collect information about the usage of our services and enable us to improve how these services work, for example, by ensuring that users are finding what they are looking for easily.
These are used to recognise you when you return to Our Site. This enables us to personalise our content for you and remember your preferences (for example, your choice of language or region).
We use third-party targeting tools, such as LinkedIn Insights and ads tags. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests.
Personal Data Storage
We will store and process your data following industry best practice and security. All our processing takes place within G-Suite services provided by Google Cloud. Our servers within Google Cloud are located within the EEA and covered by GDPR.
We may share your personal data with other companies. When your personal data is shared with a third-party, we will take the necessary steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, our obligations, and the third party's obligations under the law. We ensure that our contracts with those third parties contain the appropriate GDPR model clauses and that all our third parties are also compliant with the GDPR, this affords your data the same protection away from our organisation, as it does within it.
In some limited circumstances, we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.
The data we collect through our services may be processed by one or more of the following:
We process data within the EEA and countries deemed by the European Union as having adequate safeguards for protecting personal data. These countries are recognised by the EU as having suitable safeguards for the rights and freedoms of individuals and recourse processes by which data subjects can exercise their rights.
Trusted service providers such as technology, support, marketing, and sales service providers
Money Laundering prevention companies
Other companies within the group
Some of the processing may take place outside of the EEA. Where we transfer your data to a third-party based in the US, the data may be protected if they are part of the EU-US Privacy Shield. This requires that third party to provide data protection to standards similar to those in Europe. More information is available from the European Commission.
Please contact us for further information about the particular data protection mechanisms used by us when transferring your personal data to a third country.
The security of your personal data is essential to us, and to protect your data, we take several important measures, including the following:
Limiting access to your personal data to those employees, agents, contractors, and other third parties with a legitimate need to know and ensuring that they are subject to duties of confidentiality;
Implementing strong technical security measures, such as encryption and infrastructure security;
Procedures for dealing with data breaches (the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, your personal data) including notifying you and/or the Supervisory Authority where we are legally required to do so.
Under the Data Protection Legislation, you have the following rights, which we will always work to uphold:
The right to access the personal data we hold about you. Upon request and verification of your identity, we will send you a copy of the personal data we hold about you.
The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete. It is important that your personal data is kept accurate and up-to-date. If any of the personal data we hold about you changes, please keep us informed if we have that data.
The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we hold. We may not always be able to comply with your request of erasure for specific legal reasons, for which you will be notified. Please note that retention requirements supersede any right to erasure requests under the data protection laws.
The right to restrict (i.e. prevent) the processing of your personal data. Please note that any requests in relation to the processing of your data mean that we may not be able to provide you with the service, in which case you will be notified.
The right to object to us using your personal data for a particular purpose or purposes.
The right to withdraw consent. That means that, if we are relying on your consent as the legal basis for using your personal data, you are free to withdraw that consent at any time.
The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases.
Rights relating to automated decision-making and profiling. We do not use your personal data in this way.
To exercise your rights above please contact our Data Protection Officer, Data Controller or Company representative via any of the channels provided.
You also have the right to lodge a complaint with our supervisory authority. Porterpays’ establishment is in Malta, thus its supervisory authority is the IDPC in Malta. Their contact details are as follows:
We would welcome the opportunity to resolve your concerns ourselves however, so please contact us first, using the details provided.
Quick Links for exercising your rights:
DPO email address: email@example.com
Controller email address: firstname.lastname@example.org
We may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection.