Pay online
Privacy Policy
Please read this Privacy Policy carefully to understand Our policies and practices regarding Your personal information and how we treat it.
Open Payment Technologies Ltd, (“Company, We, Us, Our”), with its registered office at Second Floor, The Old Court House, Athol Street, Douglas, Isle of Man, IM1 1LD is responsible for the processing and protection of Your personal data, subject to the Isle of Man Data Protection Act 2018 and in accordance with the present (GDPR 2018 application).
This Privacy Policy describes the “Personal Data” we process about You, how we use it, how we share it, Your rights and choices, and how You can contact Us regarding Our privacy practices. References to “You” or “Your” in this policy are to the individual who is accessing or applying to use the Services (as defined below) and who may or may not be a Customer of the Company.
This Policy also describes Your rights as a data subject, including the right to object to certain uses of such data by Us.
The Company is committed to protecting Your privacy and will take all appropriate steps to ensure that Your Personal Data is treated securely and will be collected, used, stored and disclosed in accordance with this policy.
We collect and process personal and non-personal information relating to You. “Personal Data” is information that can be used to uniquely identify a single person, either directly or indirectly. The type and amount of Personal Data we collect about You will depend on how You choose to interact with the Company.
“Services” means the products and services indicated by the Company in its Terms and Conditions, and covered by this Privacy Policy, and include the Services offered by Our website and the Kuady App as defined below. Our “Services” are services provided by the Company to You.
Please note that the Company may provide Services to both individual Consumers and Merchants (as defined in the Kuady Terms and Conditions) and this Privacy Policy applies to both and should be read and interpreted accordingly.
“Sites” means the Company’s official website www.kuady.com and the Kuady mobile application (Kuady App).
Depending on the activity, the Company acts as a “data controller” and/or “data processor (or service provider)” in accordance with the following Policy.
Privacy Policy
Your Personal Data is used only for explicit, legitimate, and specific purposes in relation to Our various Services, and only strictly necessary data will be processed.
We do not keep Your Personal Data beyond the time necessary for the operations for which it was collected, or as provided by the recommendations of Applicable Laws (such as legal requirements).
Please note that to comply with this Privacy Policy You must be of legal age, nowhere on Our Sites will we knowingly collect Personal Data or information from persons under the age of 18.
Consent.
By accepting this Privacy Policy, You expressly consent to the “processing” of Your Personal Data for the exclusive purposes defined herein and for the provision of the Service(s) that You contract with us (contractual obligation).
What Personal Data will we use, how do we collect it and for what purposes?
The Company will collect, use, and process the following information through the “Sites”, Kuady App, email or any other means we make available to You for the provision of its Services.
Financial Data:card number and CVV / PCI, cardholder’s name, expiration date, amount, bank account, bank name, currency.
Biometric Data:facial image for identity verification.
Except for the facial image, no sensitive personal data will be collected; however, You may activate the fingerprint or facial recognition access feature on Your mobile device, the Company will not process such sensitive data or have access to it, You may deactivate the feature on Your mobile device at any time.
Primary purposes of processing:The personal data we collect from You will be used for the following main purposes, which are necessary for the service You are requesting:
(i) Verify and confirm Your identity through the KYC (Know Your Customer) process. We use Personal Data about Your identity to provide verification services to reduce fraud and improve security. When You are requested to provide a “selfie” along with an image of Your ID, it will be used to compare and calculate the match, verifying Your identity;
(ii) Account creation on Kuady App;
(iii) Provide contracted products or services offered by us;
(iv) Process the transactions requested by You;
(v) Perform risk analysis and clarification to prevent money laundering, detect fraud or illicit activity against You or the Company;
(vi) To deal with complaints, claims and suggestions sent to the Company;
(vii) Communicate with You to fulfill Our obligations under the Kuady Terms and Conditions;
(viii) Carry out all types of analysis to improve the services offered by the Company; and
(ix) Comply with Our legal obligations.
Secondary purposes of the processing: Subject to Applicable Law (including obligations regarding obtaining consent from data subjects), we may promote Our Services through personalized advertising and through the sending of emails or other communication technologies, as well as attempt to measure the effectiveness of Our advertisements. We do not sell or disclose Our end customers’ Personal Data to any third party so that they can use it for advertising purposes. The data will be used for the following secondary purposes, which are not necessary for the Service, but are very important for us:
(i) Marketing, advertising, or commercial prospecting purposes with respect to the Services we offer, whether Our own or those of third parties.
(ii) Conduct service surveys, with the aim of evaluating and improving the quality of the products and Services we offer.
We will be sending marketing, advertising, or commercial communications, however You have the right to opt out receiving them.
What Third Party Data Do We Collect?
The Company may process Your Personal Data when You visit Our “Sites”, either because You provide it to Us or because it is collected through Our use of cookies and similar technologies.
We use the information about You that we obtain from cookies and similar technologies to measure engagement with content on the Sites, to improve relevance and navigation, to personalize Your experience (e.g., through Site language and relevant content based on Your geographic location), and to improve the Services we offer to You based on the region in which You are located.
For more information, please see Our Cookie Policy.
Treatment of Personal Data.
In addition to the above, the Company may process Your Personal Data for the following purposes:
(i) The improvement and development of Our Services. We use analytics on Our Sites to help us review Your use of Our Sites and Services and to diagnose technical problems;
(ii) We will use Your contact information to provide the Services, which may include sending codes via SMS, WhatsApp, or email, to authenticate You;
(iii) If You choose to submit Personal Data to us to participate in an offer, program, or promotion, we will use it to administer the offer, program, or promotion. We will also use that Personal Data that You make available on social media to send You advertising about Our Services, except where this activity is prohibited;
(iv) We collect and use Your Personal Data to help us detect and manage the activity of fraudsters on Our Services, to enable Our commercial fraud detection services, and to try to secure Our Services and transactions against unauthorized access, use, modification, or misappropriation of Your Personal Data, Information and Funds. In connection with monitoring, prevention, and security and security activities for the Company and You, we receive information from service providers, including credit bureaus. We may process information about You, provided by Merchants, financial institutions, and, in some cases, third parties, to protect Our Services;
(v) We may also receive information from third parties about IP addresses that have been compromised by fraudsters or criminals. This personal data (e.g., name, address, phone number, country) helps us confirm identities, perform credit checks subject to applicable law, and prevent fraud. We may also use technologies to assess the fraud risk associated with an attempted transaction by You with a Merchant or financial partner;
(vi) We use Personal Data to comply with Our contractual and legal obligations related to anti-money laundering laws, Know-Your-Customer (KYC), countering terrorist financing, proliferation financing, export control, and prohibitions on doing business with restricted persons or in certain business areas, as well as other legal obligations. We strive to make Our Services secure and compliant, and the processing of Personal Data is critical to this purpose. For example, we may monitor the patterns of payment transactions and other online signals and use those insights to reduce the risk of fraud, money laundering, and other activities harmful to You and the Company.
Who do we transfer Your data to?
In addition to the ways described above, we share Personal Data in the following ways:
(i) We share Personal Data with other entities affiliated with the Company. When we share with these entities, it is for the purposes identified in this Privacy Policy;
(ii) To provide Our Services, we may use third-party services. Our Authorised Third Party Providers (as defined in the Kuady Terms and Conditions) will be considered Processors and will act on Our instructions for the provision of critical services, such as hosting (storage), analytics to evaluate the speed, accuracy, and/or security of our Services, identity verification, customer support, email, and auditing. We authorize these Authorised Third Party Providers to use or disclose the Personal Data we make available to them to perform services on Our behalf and comply with applicable legal requirements. We also require them to make a contractual commitment to protect the security and confidentiality of the Personal Data they process on Our behalf;
(iii) “Financial Partners” are the financial institutions with which we partner to provide the Services (including payment method acquirers, banks, and payment providers). We share Personal Data with certain financial partners in order to provide the services based on the transactions You wish to use in Your Kuady App and to provide certain Services in collaboration with Our Financial Partners;
(iv) In the event that we enter into, or intend to make, a transaction that alters the structure of Our business (such as a reorganization, merger, sale, joint venture, assignment, transfer, change of control, or other disposition of all or a portion of Our business, assets, or stock), we may share Personal Data with third parties in connection with such transaction. Any other entity that buys from us or acquires any part of Our business will have the right to continue to use Your Personal Data. You will be notified of any such transactions; and
(v) We share Personal Data when we deem it necessary to:
1. Comply with Applicable Laws in each country we offer Our Services;
2. Comply with rules imposed by a payment method in connection with the use of that payment method (e.g., Mastercard network rules);
3. Enforce Our contractual rights;
4. Ensure the security and protect the Services, rights, privacy, safety, and property of the Company, You, or any third party, including against other malicious or fraudulent activities and security incidents; and
5.Respond to valid and well-founded court requests issued by courts, law enforcement agencies, regulatory bodies, and authorities, which may include authorities outside Your country of residence.
What are Our Legal Bases for Processing?
(i) We willprocess Your Personal Data based on the free, informed and unambiguous consent You provide to us, either directly or indirectly for the specific purposes described in this Privacy Policy in Your capacity as a Customer or visitor to Our Sites;
(ii) We process Personal Data to formalize business relationships with other potential business entities and to comply with the respective contractual obligations we have with such entities, as well as we process Your Personal Data for compliance with the Kuady Terms and Conditions that You agree to when requesting Our Services; and
(iii) In accordance with applicable legislation, we process data to comply with The Company’s legal obligations, such as the prevention and clarification of fraud, as well as the provision of Our Services.
What security measures do we employ and for how long do we store Your Personal Data?
We make reasonable efforts to provide a level of security appropriate to the risk associated with the processing of Personal Data. We maintain organizational, technical, and administrative measures designed to protect the Personal Data covered by this Policy from unauthorized access, destruction, loss, alteration, or misuse.
To help us protect Your Personal Data, when You have a Kuady account with the Company, we recommend that You use a strong password, protect that password to prevent unauthorized use, and do not use the same login credentials (e.g., password) as You use for other services or accounts. If You have any reason to suspect that Your interaction with us is no longer secure (for example, if You believe that the security of Your Kuady account has been compromised), please contact us immediately.
We retain Your personal data for as long as the Service(s) contracted by You as defined in our Kuady Terms & Conditions (as applicable) or for such period as we reasonably expected to provide the Services to You.
After we cease to provide the Services directly to You or if You have closed Your Kuady Account, we retain Your Personal Data only for the following purposes:
(i) Comply with Our legal and regulatory obligations;
(ii) Be able to carry out fraud monitoring and detection and loss prevention activities;
(iii) Comply with Our tax, accounting, and financial reporting obligations; and
(iv) Where we are required to do so by contractual commitments to Our financial partners (and where data retention is required by the payment methods You used).
Where we retain Personal Data, we do so in accordance with the statute of limitations and record- keeping obligations imposed by applicable law.
Your Data Protection Rights??
The Company acts in full compliance with the Isle of Man GDPR (2018) (“GDPR”). As the owner of Your Personal Data, You may have one or more of the following rights, depending on the Data Protection laws of the Isle of Man and or Your country of residency.
(i) Right to be informed: including by being provided with this Privacy Policy;
(ii) Right to access: request a copy of the information we hold about You;
(iii) Right to erasure: request deletion of Your Personal Data;
(iv) Right to restriction: request we restrict the processing of Your Personal Data;
(v) Right to rectification: request we rectify certain information we hold about You;
(vi) Right to data portability: request that we provide You or another organisation with an electronic copy of the Personal Data You provided to us;
(vii) Right to object: request we stop processing Your Personal Data;
(viii) Right to opt-out of marketing: remove Your Personal Data from Our marketing database; and
(ix) Rights related to automated decision-making including profiling: see section “Automated Decision Making” below.
Furthermore, such rights may be qualified or restricted. For example, we may not be obligated to grant Your request as we may be required by law to continue its processing, or to manage a complaint. Similarly, we are unable to delete Your Personal Data if you want to continue using Our Services, or where such information is necessary to record Our contractual dealings; it is required by law (for example, the retention of anti-fraud or “know your customer” identify and verification requirements); or for the purpose of defending or asserting legal rights and legal actions.
When You cease Your relationship with us and stop using Our Services, we are permitted by law to retain Your Personal Data for a period to evidence Our dealings with You, as explained earlier. This will be in accordance with our internal retention policies and procedures. For more information on retention of data, please refer to the relevant section within this Privacy Policy.
To the extent that GDPR applies, when You give us consent to use Your Personal Data, You can withdraw it any time. Withdrawing Your consent will not affect the lawfulness of any processing we conducted prior to Your withdrawal, nor will it affect processing of Your Personal Data conducted in reliance on lawful processing grounds other than consent. For example, You can stop any marketing communication we send You by clicking on the “unsubscribe” or “opt-out” link in the communications You receive, or according to the instructions that we provide every time, but we will continue to send You operational or service messages in relation to Your Services.
Where do we store Your Personal Data?
We, Our Authorised Third Party Providers, and other parties with whom we may share Your personal information (as described above) may process Your personal information in territories that are outside the Isle of Man, the European Economic Area (“EEA”) or otherwise outside of the territory in which You reside. It may also be processed by staff (Ours or that of Our suppliers) operating outside the Isle of Man, the EEA or the territory in which the Personal Data was collected. Such staff may be engaged in, among other things, the processing of payment details and support services in provision of the Services. These countries may have data protection standards that are different to (and, in some cases, lower than) those of the territory in which You reside.
In these circumstances, we will take appropriate steps to protect Your Personal Data in accordance with this Privacy Policy and applicable data protection laws; including using any appropriate safeguards required by law to ensure that any international data transfers are lawful.
AUTOMATED DECISION MAKING
In some instances, Our use of Your Personal Data may result in automated decisions being taken (including profiling) that affect You legally or similarly significantly affect You.
Automated decision-making means that a decision concerning You is made automatically based on a computer determination (including the use of software algorithms, or artificial intelligence models based on machine learning), without Our human review. For example, we use automated decisions to complete some identity verification assessments of You when You apply for certain Services or to carry out anti-fraud checks, as explained in the section; “What Personal Data will we use, how do we collect it and for what purposes”.
The consequences for You may be Our refusal to provide the Services, but may mean that we request that You provide additional identity verification, proof of wealth and/or source of funds etc.
We have implemented measures to safeguard the rights and interests of individuals whose Personal Data is subject to automated decision-making.
Treatment and Rights
We take Our responsibilities extremely seriously when it comes to the protection of Your Personal Data and the rights you have under the applicable laws.
(i) You wish to opt-out of receiving electronic communications from us. If You no longer wish to receive marketing emails from us, You may opt-out of receiving them via the unsubscribe link included in the messages or by sending an email with the request to the emails Our Customer Service Department at help@kuady.com. We will try to accommodate Your requests as soon as reasonably practicable. Please note that if You opt-out of receiving marketing emails from us;
1. we will still be able to send You notifications regarding the services we are providing to You and
2. Our Partners or Merchants may continue to send You messages and/or ask us to send correspondence on their behalf.
(ii) You have the right to request confirmation of the existence of processing of Personal Data;
1. to have access to Your Personal Data, by requesting the availability of a copy of the Personal Data You have provided to us (access);
2. correction of incomplete, inaccurate or outdated Personal Data (rectification);
3. the revocation, at any time, of Your previously given consent to Personal Data processing as well as information on the possibility of You not consenting to certain data processing and the consequences of not giving Your consent (revocation);
4. anonymization, blocking, or deletion of Your Personal Data that is unnecessary, excessive, or processed in violation of the GDPR (erasure);
5. object to the use of Your Personal Data for specific purposes (objection);
6. restricting the processing of Your Personal Data (restriction); and
7. the portability of Your Personal Data to another service or product provider (portability), as well as information about the public and private entities with whom we share data.
To exercise any of the rights, You must send a request to the email address; dataprotection@kuady.com which must comply with the following requirements and documents:
(i) full name of the data subject;
(ii) A copy of the document that proves Your identity with both sides, where applicble;
(iii) if the interested party appears through a legal representative, the latter must also show, by the same means, the documents proving the legal representation (simple power of attorney signed by the interested party, the attorney-in-fact and two witnesses, accompanied by a copy of the identifications of the agent and the two witnesses); and
(iv) A clear and precise description of the Personal Data in respect of which You are seeking to exercise any of Your rights.
Requests will be dealt with under the terms provided for in the GDPR, through Our data protection officer, who can be contacted for questions or clarifications through the email address, above.
Complaints about the Processing of Personal Data.
If You have a complaint about the way we process Your Personal Data, please contact Us in the first instance in the hope that we can resolve the matter with You. You should address Your email to dataprotection@kuady.com.
However, if You do not wish to communicate Your concerns to Us or we have not responded satisfactorily to Your data protection complaint, You have the right to lodge a complaint with the Isle of Man Information Commissioner, P.O. Box 69, Douglas, Isle of Man, IM99 1EQ Telephone: +44 1624 693260 Email: ask@inforights.im.
How can You find out about changes to this Privacy Policy?
This Privacy Policy may be modified, changed, or updated as a result of new legal requirements, Our own needs for the products or Services we offer, Our privacy practices, changes in Our business model or other causes.
The procedure through which notifications about changes or updates will be made will be through an informative note on our Kuady website, push notification on the Kuady App, by email or any other technological means available at the time.
Meaning of Terms
The terms in UPPERCASE used in this Privacy Policy shall have the meaning assigned to them in the Kuady Terms and Conditions, unless otherwise stated in this Privacy Policy.
Publication Date: v2 14 November 2024
