When you use our payment services as a user, we process data about you to provide you with our services. This may include setting up your digital e-Wallet or Crypto wallet, paying and collecting on online sites, depositing and withdrawing money, transferring money, collecting money with payment links, purchasing, sending and using gift cards or vouchers, creating debit cards, registering and using our mobile AstroPay app, increasing your spending limits, and contacting us about our services in general.
To provide you with our services, we may need to process data about your full name, address, phone no., email address, IP address and date of birth. When we need to verify your identity before providing our services, we may also need to process data about your gender, nationality, passport issuing country, principal citizenship country, passport number, and your previous residency address if the residency address has changed in the last 3 years. If you want to make a limit increase as a part of a loyalty level program, you as a user have to send ID documents and a bank statement or proof of income or use one of our third-party validators to confirm that you have the spending capacity to increase the limits.
We process data about you to enter into an agreement with you as a user of our services (GDPR Article 6(1)(b)). When we need to verify your identity, we may process the data based on our legal obligations as a payment provider (GDPR Article 6(1)(c)) with the anti-money laundering regulations. You can read more about this processing below. We may also process data about you for security related reasons based on our legitimate interest in keeping our users and services secure, and in general to keep in contact with you (GDPR Article 6(1)(f)).
The data primarily comes directly from you as a user of our services. In some cases, the data may also come from a merchant of our services.
We delete the information on an ongoing basis, however at the latest 5 years after your last use of our services or interaction with us. Data related to payment transactions may be stored for the current financial year plus 5 years after the end of the customer relationship in accordance with local bookkeeping regulations and our obligations as a payment service provider.
When signing up as a merchant with us, we may process data about you as contact person and about the business you represent. This includes data about your first and last name, email address, phone no., Skype username, company name, website, industry, total payment volume (TPV) and any message you may leave together with your submission.
When you use our payment services as a merchant, we process data about you to provide you with our services. This may include setting up your digital e-Wallet or Crypto wallet, paying and collecting on online sites, depositing and withdrawing money, transferring money, collecting money with payment links, purchasing, sending and using gift cards or vouchers, creating debit cards, registering and using our mobile AstroPay app, increasing the spending limits for your user(s), and contacting us about our services in general.
To provide you with our services as a merchant, we may need to process data about your company name, company contact name, company email address, company operating address, company registered address, company telephone no. (direct), company website, list of registered company directors, list of company shareholders > 25%, industry type/classification, company registration certificate, company address and proof, company bank details and statements, length of time trading, business description, bank name, bank address, bank sort code, bank account number, IBAN/BIC, annual turnover, average transaction value and peak months.
We process data about you to enter into an agreement with you as a merchant of our services (GDPR Article 6(1)(b)). When we need to verify your identity and or business credentials, we may process the data based on our legal obligations as a payment provider (GDPR Article 6(1)(c)) with the anti-money laundering regulations. You can read more about this processing below. We may also process data about you for security related reasons based on our legitimate interest in keeping our users and services secure, and in general to keep in contact with you (GDPR Article 6(1)(f)).
We delete the information on an ongoing basis, however at the latest 5 years after your last use of our services or interaction with us. Data related to payment transactions may be stored for the current financial year plus 5 years after the end of the customer relationship in accordance with local bookkeeping regulations and our obligations as a payment service provider.
When you sign up to get contacted by an advisor to become an official AstroPay distributor (reseller), we may need to process data about your name, email address, phone no., country and any message you may leave together with your submission.
We process data about you to enter into an agreement with you as a reseller of our services (GDPR Article 6(1)(b)). When we need to verify your identity and or business credentials, we may process the data based on our legal obligations as a payment provider (GDPR Article 6(1)(c)) with the anti-money laundering regulations. You can read more about this processing below. We may also process data about you for security related reasons based on our legitimate interest in keeping our users and services secure, and in general to keep in contact with you (GDPR Article 6(1)(f)).
We delete the information on an ongoing basis, however at the latest 5 years after your last use of our services or interaction with us. Data related to payment transactions may be stored for the current financial year plus 5 years after the end of the reseller relationship in accordance with local bookkeeping regulations and our obligations as a payment service provider.
When you fill out the contact form to get contacted by AstroPay as an affiliate candidate, we may process data about your name, email address, phone no., country, Skype username, company name, website and industry.
We process data about you to enter into an agreement with you as an affiliate of our services (GDPR Article 6(1)(b)). When we need to verify your identity and or business credentials, we may process the data based on our legal obligations as a payment provider (GDPR Article 6(1)(c)) with the anti-money laundering regulations. You can read more about this processing below. We may also process data about you for security related reasons based on our legitimate interest in keeping our users and services secure, and in general to keep in contact with you (GDPR Article 6(1)(f)).
We delete the information on an ongoing basis, however at the latest 5 years after your last use of our services or interaction with us. Data related to payment transactions may be stored for the current financial year plus 5 years after the end of the affiliate relationship in accordance with local bookkeeping regulations and our obligations as a payment service provider.
As a financial payment provider, we may be required by national legislation to have so-called Customer Due Diligence (CDD) or Know-Your-Costumer (KYD) verification procedures in place to prevent money laundering or terrorism financing activities via our services.
As such, when we onboard you as a physical user, merchant, reseller or affiliate for the use of our services, we may need to collect data about you to verify your identity. This data may include your full name, place and date of birth, permanent residential address, identity reference number or tax reference number, nationality, phone no., email address, unexpired national or other government-issued identity card, passport, driver’s licence, data about politically exposed persons (PEP) and family relations or business relations to PEP and descriptions of unusual or suspicious situations or transactions.
If you are a business or legal person or is representing a business or other legal person, we may need to collect data about your business or legal person to verify its identity or ultimate beneficial owners. This data may include the business’ full name, company registration number, date of incorporation or registration, registered address or principal place of business.
In cases where AstroPay finds an activity or transaction unusual or suspicious, and may be involved with money laundering, AstroPay is required to send information about the transaction to the national anti-money laundering authorities and other competent authorities.
The data used to verify your identity or your business’ identity is processed by us based on our legal obligation to comply with the anti-money laundering and counter-terrorism regulations to which we, as a controller, are subject (GDPR Article 6(1)(c)). We may also process data about you for security related reasons based on our legitimate interest in keeping our customers and services secure (GDPR Article 6(1)(f)).
The data obtained for the identification procedures, including copies of documents, is kept by us for up to 10 years in accordance with the anti-money laundering regulations. We keep the background data, including the original documents (or legalised copy), of the transactions or situations classified as unusual or suspicious, for at least 5 years or up to such a period as may be required by the relevant national regulations and national financial supervisory authorities’ guidelines, which may be up to 10 years.
To prevent fraudulent use of our services or other criminal activities, we may collect statistical data to monitor transactions from time to time in accordance with our obligations as a financial payment provider set out by the relevant national financial supervisory authorities.
As part of our transactional monitoring and fraud prevention activities, we may collect and process the following types of data: Any unusually high transaction amounts, previous spending patterns, approved and accepted merchants, level of declines, splitting of transactions to gain an authorisation, the country of spending, IP address of purchase, average consumption per user, rejected transactions, times, dates and spread of transactions, login/registration information (IP address of login, user-agent, email address, passwords), name, gender, date of birth, address, country, phone no., use of VPN or Proxy, ID, and proof of address.
The data collected to monitor transactions and to prevent fraudulent use of our services is processed by us based on our legal obligation to comply with the to which we, as a controller, are subject (GDPR Article 6(1)(c)). We may also process data about you for security related reasons based on our legitimate interest in keeping our customers and services secure (GDPR Article 6(1)(f)).
We store relevant contact and identification information as part of our collaboration and our fraud prevention obligations as a financial payment provider. We delete the information continuously, however information required to comply with our obligations as a financial payment provider may be stored for up to 5 years.
As part of our ongoing efforts to further develop and optimise our payment services, we wish to collect and use a variety of data points for analytical purposes to learn how our users and customers interact with our services. These data points may be collected when you sign up for or use our services and via cookies.
The data we may collect in this regard include your full name, gender, ID, birth date, company, address, country, phone no., email address, IP address, account information, payment information, transaction history, obfuscated card no., purchase patterns, type of user, service used, dates, type of transaction, amount of the transaction and application logs.
The above data points are typically anonymised or aggregated before they are used in our data analysis. In case we need to process your personal data directly for the above purposes, we will collect your explicit consent prior to our processing (GDPR Article 6(1)(a)) when we deliver our services to you. You can withdraw this consent at any time. We may also process data on your preferences and interactivity with our services based on our legitimate interest to optimise our services and providing a better service to you if this does not conflict with your interests and fundamental rights and freedoms (GDPR Article 6(1)(f)).
We retain any non-anonymised or non-aggregated data about you for a maximum of 3 years before they are deleted or anonymised.
If you have signed up for our promotional or operational notifications or other communications, we need to process your data when we send out notifications and other communication initiatives. We only process data about your name, country, phone no. and email address.
We process your data based on your consent (GDPR Article 6(1)(a)). You have the right at any time to withdraw your consent by writing to dataprotection@astropay.com or by unsubscribing via the link that appears in each notification or other communication initiative.
We also hold certain promotional events, or “promos” or “draws”, that you can participate in to win prices. To participate, we may ask you to sign up to our services via the AstroPay app via a promotional code, by depositing money with your AstroPay account, or a third option depending on the circumstances of the promotional event. We may need to process data on your account information to verify your credentials, such as your full name, address, phone no., email address, IP address, date of birth, gender, passport, principal citizenship country and passport number.
We process your data based on your consent (GDPR Article 6(1)(a)). You have the right at any time to withdraw your consent by writing to dataprotection@astropay.com or by unsubscribing via the link that appears in each notification or other communication initiative
We keep documentation of your consent for 2 years after you have unsubscribed from our notification or communication initiative, as any criminal liability expires after this period. Data related to participation in promos are kept for 3 years.
When we enter into agreements with suppliers and business partners, we may process data on you as their contact person. This includes data regarding your name, position, phone no., email address and, if necessary, payment information.
The data is processed to enter into an agreement with the specific supplier or business partner (GDPR Article 6(1)(b)). If your data as a contact person is not directly involved with the contractual relationship with our supplier or business partner, we may still process your data based on our legitimate interest to communicate effectively with our suppliers and business partners (GDPR Article 6(1)(f)).
We store relevant contact information as part of our collaboration. Written correspondence is deleted continuously and at the latest up to 5 years to document the relationship with the supplier or business partner. Data required to comply with the local bookkeeping regulations is stored for current financial year plus 5 years.
We collect data about you when providing support services and handling any complaints you may have. The data includes your name, ID, address, email address, phone no., company, position, information related to your complaint, notes on verbal complaints, photos of your payment cards and any additional information that you may send us.
The data is processed based on our legitimate interest in providing you with our support and handling any complaints you may have in order to improve our customer satisfaction, and to make sure that we resolve any issues you may have (GDPR Article 6(1)(f)).
We store the data regarding the support of complaint inquiry for as long as we are handling the inquiry, and up to 5 years after the resolution of the complaint or support inquiry.
Your personal data can be shared with the following categories of parties:
You may contact us at dataprotection@astropay.com if you wish to get a copy of the legal transfer basis we use or where you can read more about it.