On 25th of May 2018, all companies became subject to the General Data Protection Regulation (GDPR), which puts safeguards into the company's process in the way Personal Data is protected. The General Data Protection Regulation (GDPR) (EU) 2016/679 is the EU regulation on data protection and privacy for all individuals within the European Union and the European Economic Area. This was an essential step to strengthen Your fundamental rights and to enhance legal certainty.
Wise Wolves Payment Institution Limited is a company incorporated under the laws of the Republic of Cyprus with registration number HE 361580 with registered office address at Spyrou Kyprianou 61, Mesa Geitonia, 4003, Limassol, Cyprus and a licensed Payment Institution number 18.104.22.168 (hereinafter referred to as the "WWPI" or the "Company")
WWPI respects Your privacy and recognizes Your right for transparency and integrity as to the way of collection and processing of Your Personal Data.
"Controller" - means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
"Personal Data" - means any information relating to an identified or identifiable natural person (name, ID, location and any other factors specific to the physical, genetic, mental, economic, cultural or social identity of that natural person); The information for the legal entities such as businesses, partnerships, trusts or other organizations provided by its authorized person, signatory, partner, trustee, executor or a like shall be considered as appropriate.
"Processor" - means a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the controller;
"Processing" - means obtaining, recording, storing, holding, using or carrying out any operation or set of operations on the information or data including organization, adaptation or consultation on the information or data, as well as disclosure by transmission, dissemination or otherwise making available, or alimenting, combining, blocking, removing or destructing of the information or data;
"Sub-Processor" - any processor engaged by the data importer or by any other sub-processor of the data importer and who agrees to receive from the data importer or from any other sub-processor of the data importer personal data exclusively intended for the processing activities to be carried out on behalf of the data exporter after the transfer in accordance with the data exporter’s instructions.
WHAT INFORMATION WE COLLECT FROM YOU
WWPI is required to collect the following Personal Data:
- Personal information (name, address, email, telephone number, mobile number, temporary residential address, employment address, name of employer, personal status, i.e. identity card number, passport number, marital status, occupation, country of taxation and other);
- Financial information (income, source and size of wealth and other).
- Recording of the call conversations between You and the Company.
WWPI is also required to collect and keep all the documents which confirm the accuracy of provided personal and financial information (passport, ID, Utility Bills, Bank Statements, Internal passports, Bank References, CVs or any other information which may be requested by the Company in order to comply with the applicable law).
WWPI always makes sure that all Personal Data we collect is adequate, relevant and limited to what is necessary in relation to the purposes for which they are collected and processed.
In cases where we receive data which was not requested or where information was unintentionally revealed, and the Company does not intend to use it for the purposes of processing or where data was received by mistake, WWPI shall notify You that such data was received and destroy it, unless You wish otherwise.
WHY WE COLLECT YOUR INFORMATION
According to the GDPR, WWPI acts as a Controller of Your Personal Data and determines solely or jointly with others, the main purpose and legal grounds for the collection and processing of Your Personal Data.
WWPI has outlined the following purposes and legal grounds:
- Execution of the contract. The collection and processing of Your Personal Data is necessary for entering into business relationship with You for the provision of payment services.
Compliance with legal framework within which WWPI operates. Namely, the Directive of the European Union on Payment Services in the Internal Market of 2015, which was further implemented into national law of the Republic of Cyprus through the Provision and Use of Payment Services and Access to Payment Systems Law of 2018, and the Prevention and Suppression of Money Laundering Activities Laws of 2007 to 2018 of the Republic of Cyprus implementing the relevant Anti-Money Laundering Directive of the European Union, as well as Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Regulation (EU) No 648/2012 of the European Parliament and of the Council, and repealing Directive 2005/60/EC of the European Parliament and of the Council and Commission Directive 2006/70/EC, together with other relevant laws applicable for the Anti-Money Laundering prevention and the laws applicable to the operation of the WWPI.
Compliance with these regulations requires from the Company to identify and verify personal information related to You and all connected persons, as well as exercise anti-money laundering controls, keeping and collecting Personal Data for the particular period of time and disclose such information to the supervisory and other regulatory authorities, etc.;
Legitimate interests pursued by the Company in order to protect its business environment, provided that such interests do not infringe the rights, interests and Your fundamental freedoms.
"Legitimate interests" is a heading that covers several different reasons why WWPI may need to collect and process Your Personal Data which may not be covered by other headings, such as: to prevent fraud or financial crime, to provide a better service, to transfer Personal Data between group entities for internal administrative purposes, or for the purposes of network or information security.
CATEGORIES OF RECIPIENTS OF YOUR PERSONAL DATA
Your Personal Data in the course of performing our contractual and statutory obligations may be disclosed to the following Processors, Sub-Processors and Controllers:
- Supervisory and other regulatory and public authorities, including government bodies; Some examples are the Central Bank of Cyprus (CBC) and the Unit for Combating Money Laundering (MOKAS);
- External auditors, lawyers, agents, consultants and other professional advisors subject to confidentiality agreements;
- Banks and other financial organizations subject to the confidentiality agreements;
- Employees of WWPI;
- Affiliated companies within the Wise Wolves Group Ltd.
WWPI may be required to transfer the information provided by You outside of the European Economic Area (for example, to the banks of the Russian Federation) for the purposes of executing the services provided in a manner as described under the WWPI’s Internal Policies. Such transfer is subject to Article 49(1)(b) and Article 49(1)(c) of the GDPR.
The Company ensures an adequate level of protection for any Personal Data processed by others on behalf of WWPI that it is transferred within or outside the European Economic Area.
Unless expressly declared by You, the Personal Data collected and keeping by WWPI will not be disclosed to any third party other than the above-mentioned recipients.
KEEPING PERSONAL DATA
In accordance with the laws and regulations of the Republic of Cyprus, WWPI is obliged to keep and update Your Personal Data for as long as WWPI provides its services to You. Upon the termination of the business relationship, Your Personal Data shall be kept for a minimum of five  years. After the legally required period lapses, Your Personal Data shall be destroyed.
However, WWPI will be required to keep Your Personal Data for the longer period of time if it is prescribed by laws, competent authorities or other regulations (such as pending legal proceedings or investigations).
WWPI takes all reasonable and appropriate steps to protect Your Personal Data from misuse, loss or unauthorized disclosure. The Company is doing this by having a range of appropriate technical and organizational measures.
You have the following rights in relation to the Personal Data provided by You to the Company:
- The right of access to or have a copy of Personal Data as well as some supplementary information on that data;
- The right to request rectification of incorrect data concerning You;
- The right for data portability if it should become relevant;
- The right to request, on legitimate grounds the erasure of Your Personal Data;
- The right to object the processing of Personal Data based on WWPI legitimate interests and/or processing of Personal Data for direct marketing purposes;
- The right to restrict processing of Your Personal Data;
- The right to withdraw consent, by written notice, if the process of Your data is based on consent. Please note that this will not affect the lawfulness of processing based on consent before it was withdrawn by You;
Please feel free to exercise the above rights by sending the relevant email to GDPR@wise-wolves.com.
Furthermore, You have a right to lodge a complaint regarding the processing of Your Personal Data by WWPI by sending a complaint to GDPR@wise-wolves.com and the Company's responsible officer will investigate the matter. In case where You are not satisfied with WWPI's response or if You feel that Your concerns have not been adequately addressed by the Company, You have a right to file a complaint with the Office of the Commissioner for Personal Data Protection of the Republic of Cyprus.
PERSONAL DATA BREACH NOTIFICATION
In case the Company becomes aware of Personal Data breach which may result in high risk to Your rights and freedoms, the Company shall without undue delay notify You of such breach and provide the following information:
- Type of Personal Data affected;
- The nature of breach;
- Steps the Company shall take in order to minimize any damage.
You should inform the Company immediately by sending an email to GDPR@wise-wolves.com of any possible damage, loss or misuse such breach may cause to You in order to assist WWPI assess all possible solutions promptly.
This document is only available in English. Any translated copies are not valid.