I. DEFINITIONSController means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Cookie refers to a small piece of text that websites send to the browser, and which is stored on the User’s terminal, which may be a personal computer, a mobile phone, a tablet, etc.
Customer - means an individual or legal entity, who buys or has bought goods/work/ services of the Merchant.
Counterparty - any individual or legal entity with which the Company enters into business relations both on the basis of an agreement and due to actual circumstances (including, but not limited to, under the Accession Agreement on the Company’s website).
Employees - individuals - employees of the Company, who are such both on the basis of employment contracts and as a result of actually established civil labor relations, including the head and members of the Company management Bodies.
Merchant (peyee) - a legal entity or an individual, receiving funds from the Customer for goods/work/services, including via the Internet.
Personal data information system - a set of personal data contained in databases and information technologies and technical means that ensure their processing.
Processor means a individual or legal entity, public authority, agency or other body which processes personal data on behalf of the controller.
Processing of personal data - any action (operation) or a set of actions (operations) performed with or without the use of automation tools, with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data, as well as the implementation of any other actions in accordance with applicable Law.
Payment System (hereinafter as the Company) – Geltano Payments LTD., carries out the processing of personal data.
Personal data - means any information relating to an identified or identifiable natural person («data subject»); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, economic identity of that natural person.
Restriction of processing - means the marking of stored personal data with the aim of limiting their processing in the future;
The Company’s Website - means the Company’s website available at https://geltano.com. excluding any external resources, references to which may be contained on the website in the form of hyperlinks or in any other form.
All other matters, definitions or terms not covered by the present Policy shall be governed by the Accession Agreement available on the Company’s website or applicable Law.
II. SCOPE AND PURPOSEThe purpose of the present Policy is to inform the client about the ways the Company handles and protects client’s personal data complying with the applicable legislation of Canada and the EU and to illustrate, in connection with the protection of natural persons with regard to the processing of personal data and on the free movement of such data, what information we collect and why, as well as how we utilize it and what options on the website our clients can access.
- The purposes of processing personal data of the Company are:
- accounting and interaction with clients and counterparties of the Company;
- prevention of money laundering and terrorist financing activities
- prevention of fraud, corruption and other illegal activities;
- implementation of monetary transactions with counterparties;
- providing information support to customers, users of the Company website;
- coordination and accounting of contracts with counterparties of the Company;
- conducting personnel records management and settlements.
- authentication of employees when working with corporate resources.
2. The Company processes only those personal data that are necessary for:
- conclusion of any contracts with the subjects of personal data and their further execution;
- conducting activities of the Company;
- control and improvement of the quality of the Company services and services, including those offered on the Company’s Website
- providing personal data subjects with services and services of the Company, as well as information on the development of the Company of new products and services, including advertising;
- feedback with the subjects of personal data, including the processing of their requests and requests, informing about the work of the Company Website;
- prevention of money laundering and terrorist financing activities by complying with the requirements of international and national legislation and the Company’s Anti Money Laundering Policy and «Know Your Customer»;
- prevention of fraud, corruption and other illegal activities;
- conducting personnel work and organizing accounting of the Company Employees, regulating labor and other relations directly related to them;
- attraction and selection of candidates for work in Anti Money Laundering Policy;
- formation of the necessary reporting;
- in order to comply with the requirements of the current legislation of the country whose data is received, processed and stored by the Company
3. The Company processes personal data of the following categories of personal data subjects (hereinafter as the Subject):
- individuals, customers, users and visitors of the Company website;
- customers of the Merchants who directly or indirectly use the Company’s services and provide their personal data to the Company in the process of purchasing goods/works/ services of the Merchants;
- counterparties, their representatives and counterparties contact persons, in scope and within the period, necessary to perform under the contracts, whose party or guarantor is such personal data subject;
- beneficial owners of the legal entity - Merchant or other counterparty of the Company with which it has concluded a civil law contract;
- directors, shareholders, founding members, shareholders/company member spouses, shareholder heirs, Board of Directors members, in scope and within the period to achieve purposes, stipulated by the Laws, to exercise and follow the company’s obligations, authorizations and functions as stipulated by the Legislation;
- the Company’s employees;
- individuals who are employees of the Company counterparties;
- candidates to fill vacancies, in scope and within the period, necessary to enter into a contract, whose party, beneficiary or guarantor will be such personal data subject;
- parties of the legal proceedings, involving the Company, in scope and within the period as required for law enforcement as well as to ensure Company’s activities lawfulness and protect the Company’s lawful rights and interests;
- guarantors under commercial loans, in scope and within the period as necessary to enter into agreement, according to which such personal data subject will be a beneficiary or guarantor;
- persons, involved in courier delivery, in scope and within the period as necessary to exercise rights and lawful interests of the Company or other parties;
III. GENERAL PRINCIPLES- The Company Geltano Payments LTD. is committed to your data protection and data privacy. We recommend you read the present Privacy Policy to better understand what information we collect, how we use it, and who we may share it with. Additionally, this Privacy Policy will provide you with details on how you can control the use and disclosure of your information.
- The Company Geltano Payments LTD. is considered a «data controller» as it relates to any Personal Data or Personal Information (as those terms are defined by applicable law) shared in connection with your use of our website, including your customer information, as applicable. By visiting, joining, or using our websites or application, or otherwise indicating that you agree to this Policy available on the Company’s website, you agree to, and authorize our use of your Personal Information as described in this Privacy Policy.
- This Privacy Policy and the conditions for the processing of personal data (hereinafter referred to as the Policy) defines the Company’s policy regarding the methods of collecting, processing, protecting and storing information about personal data subjects, which the Company and / or its counterparties can receive and process in the course of their activities.
- This Policy applies to all Company’s processes within which personal data is received and processed, both with the use of automation tools, including in information and telecommunication networks, and without the use of such tools.
- The Company in its activities proceeds from the fact that the subject of personal data provides accurate and reliable information and, during interaction with the Company, notifies the representatives of the Company about changes to their personal data.
- In case of disagreement with the terms of the Policy, you must stop using the site and services of the Company.
- It is possible to revoke the consent at any time you like by sending an informal e-mail. The relevant contact details are provided in the present Policy.
- Collection, processing, storage, clarification (updating, changing), retrieval, etc. personal data is carried out in strict accordance with the requirements of the current legislation of the country whose citizens' data is received and processed by the Company.
- Processing of special categories of personal data relating to race, nationality, political views, religious or philosophical beliefs, intimate life, the Company is not carried out.
- There is no cross-border transfer of personal data of the Company.
- When collecting the personal data, the Company takes into consideration all the necessary organizational measures and principles governing the processing of personal data:
• it shall be subjected to legitimate and lawful processing in a transparent manner,
• it shall be collected for specified, express and legitimate purposes and shall not be subjected to further processing in any way incompatible with the purposes for which this data is collected by the Company,
•only the appropriate and relevant data shall be collected, limited to the necessary purpose for which it has been collected,
• it shall be accurate and updated as necessary,
• it shall be retained only for as long as required by the Law and for the purposes for which it has been collected,
• it shall be subjected to processing in a manner guaranteeing required security against non-authorised or unlawful processing and accidental loss, destruction or wear, among other things, through the use of suitable techniques and or organizational measures,
• when we transmit your personal data whether to another person who carries out the processing on behalf of the Company, the necessary measures shall be taken by us for the protection of your personal data, as for example through the conclusion of specialized contracts for data processing. A person who processes personal data on behalf of the Company is obliged to comply with the principles and rules for the processing of personal data and is liable to the Company. The Company is responsible to the subject of personal data for the actions of the authorized person to whom the Company entrusted the processing of personal data.
12. The processing of personal data of the Company is carried out in the following ways:
- manual treatment personal data;
- automated processing of personal data with or without transmission of the received information via information and telecommunication networks;
- mixed treatment personal data.
13. The Policy is valid indefinitely until replaced by a new Policy. The Policy may be amended at any time, the current version is posted on the Company’s website. The new version of the Policy will be valid from the moment it is published on the Company’s website.
IV. DATA PROCESSING AND AUTOSAVING- When Users browse the website, read its pages, and download the information contained in it, the website acquires some navigation data, the transmission of which is implicit in internet communication protocols.
- This may include user IP addresses, type of browser used, access website addresses, pages visited within the site, access time, the code indicating the response status given by the server and other parameters relating to the operating system and the User’s IT environment.
- When clients or potential clients visit our website, the way you are doing right now, the web server collects and saves the following data:
•The address (URL) of the web page you visit;
• The used operating system;
• The browser and its version;
• Date and time;
•The address (URL) of the page you visited before (referrer URL);
•The hostname and the IP address of the device via which the website was accessed;
• Web server log files.
4. This data is needed to use web services and is not collected to be associated with identified data subjects but is used to make the site more useful for its visitors, to obtain aggregated and anonymous statistical information on the use of the site and to check its proper operation. No information on Users/visitors will be sold, shared or used for commercial purposes.
5. Web server log files tend to be stored for half-month and are deleted automatically when this period ends. We do not disclose this information to anyone, but the risk of this information being accessed by third parties illegally still exists.
6. Lawfulness of processing - Company legitimate interest should take place in maintaining our website’s faultless operation by gathering web server log files.
V. STORAGE OF PERSONAL DATA- Personal data that the visitors provide to our website, including name, postal address, email address, or other personal details when completing a form or leaving comments, along with the IP address and time, will only be utilized by us for the purpose mentioned here, will be stored securely and will not be obtained by third parties.
- We will not disclose personal details without your allowance, but it is not possible to exclude the risk of this information being accessed by someone else illegally.
- In the case of sharing personal data via email, which implies that you do it outside our website, we cannot guarantee that it will be safe and secure. Our recommendation is to avoid sending confidential information by email with no encryption.
VI. TLS ENCRYPTION WITH HTTPS - The Company utilizes HTTPS to spread the data over the internet in an interception-proof way, which means that the information is protected via technology with the help of TLS (Transport Layer Security), an encryption protocol applied to spread data over the internet securely.
- We can guarantee that your data is protected and remains confidential. You can see that this data transmission security system is applied with a little lock symbol located in the browser’s upper left corner as well as the «HTTPS» scheme used as a part of the website’s address.
VII. Use of Cookies1. General information.1.1. To store user-specific data, our website utilizes HTTP cookies.
1.2. Cookies can be either first-party cookies built by our website or third-party cookies developed by other websites (e.g. Google Analytics).
1.3. The three categories of cookies are:
• Functional cookies to guarantee the website’s performance;
• Essential cookies to keep the basic functions operating;
• Targeted cookies to enhance the user experience.
1.4. The Company use cookies for the following purposes:
• to log in at the Company’s website as registered user, provide Company’s services;
• to identify and recover errors at the Company’s website;
• to support the Company’s website operation and improve its performance and quality;
• to decrease risks, prevent possible fraud, ensure safe use of the Company’s website;
• to store users’ personal preferences and settings;
• to provide targeted information about products and services of the Company and its partners;
• to improve products and/or services, to develop new products and/or services;
• to maintain analytics.
1.5. Thanks to the use of cookies, our website is easy to navigate. Some of them are kept on your device until you delete them. They make it possible for us to recognize the browser when you start navigating the website next time
2. Set, delete or disable cookies2.1. If you are willing to delete the cookies, to change the cookies settings or to figure out which cookies are stored, You have to open your browser settings:
• Chrome: Activate, delete, and manage cookies in Chrome;
• Safari: Manage cookies and website data with Safari;
• Internet Explorer: Delete and manage cookies;
• Firefox: Delete cookies to remove data that websites have stored on your device.
2.2. t is possible to set the browser to notify you when cookies are stored and ask you to approve it every time if you do want to store your data through cookies. Moreover, you are free to disable or delete cookies that are already stored on your device at any time.
2.3. The process is different for every browsers. For this purpose, you can check the instructions on Google with the help of the phrase «Disable cookies Chrome» or «Delete cookies Chrome» if it is Chrome, or you can put the name of your browser instead of «Chrome», for example, Safari, Edge, or Firefox.
2.4. Some pages and features on our website may not work properly if there is no allowance to use cookies from your side (i.e., you get them disabled in settings).
VIII. RIGHTS OF THE SUBJECT TO ACCESS AND CHANGE HIS PERSONAL DATA- The subject can view and edit his personal information in his account at any time. To do this, he needs to log in to the website of the Company.
- To ensure compliance with the rights of personal data subjects established by law, the Company has developed and introduced a procedure for working with appeals and requests from personal data subjects, providing personal data subjects with information established by law.
- Our visitors have the following rights:
• Right to information;
• Right to erasure («right to be forgotten»);
• Right to restrict data processing;
• Right to be notified – obligation regarding rectification or erasure of personal data or restriction of processing;
• Right to data portability;
• Right to object;
• Right not to be subject to a decision based solely on automated processing, including profiling.
4. The subject at any time has the right to send a written application to the Company about the termination of processing (withdraw consent to processing). At the same time, the Subject acknowledges and agrees that from the moment the application for termination of processing (withdrawal of consent to processing) is sent, the use of the services, the Company’s website becomes impossible or the possibilities of such use are limited.
5. Persons who provided the Company with false information about themselves, or information about another subject of personal data without the consent of the latter, are liable in accordance with applicable law.
IX. OBLIGATIONS OF THE COMPANY- The Company undertakes to:
1.1. carry out the processing of personal data in compliance with the principles and rules provided for by the current legislation of the country of the subject;
1.2. not disclose to third parties and not distribute personal data without the consent of the subject of personal data, unless otherwise provided by the current legislation of the country of the subject;
1.3. provide proof of obtaining the consent of the subject of personal data to the processing of his personal data or proof of the existence of grounds according to which such consent is not required;
1.4. in cases provided for by the current legislation of the country of the subject, to process personal data only with the consent in writing of the subject of personal data;
1.5. provide the subject of personal data, at his request, with information related to the processing of his personal data, or, on legal grounds, refuse to provide this information and give a reasoned response in writing, within a period not exceeding thirty days from the date of the request of the subject of personal data or his representative, or from the date of receipt of the request of the subject of personal data or his representative;
1.6. if the provision of personal data is mandatory, explain to the subject of personal data the legal consequences of refusal to provide his personal data;
1.7. take the necessary legal, organizational and technical measures or ensure their adoption to protect personal data from unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other illegal actions in relation to personal data. A description of the measures taken is given in Section X of this Policy;
1.8. at the request of the subject of personal data, make changes to the processed personal data, or destroy them, if the personal data is incomplete, inaccurate, outdated, illegally obtained or not necessary for the stated purpose of processing within a period not exceeding 7 working days from the date of submission by the subject of personal data or his representative of information confirming the specified facts, as well as notify the subject of personal data or his representative about the changes made and the measures taken and take reasonable measures to notify third parties to whom the personal data of this subject were transferred;
1.9. organize the accounting of appeals and requests of personal data subjects;
1.10. notify the subject of personal data about the processing of personal data in the event that personal data was not received from the subject of personal data. The following cases are an exception:
• the subject of personal data is notified of the processing of his personal data by the Company;
• to which the subject of personal data is a party or beneficiary or guarantor;
• personal data is made publicly available by the subject of personal data or obtained from a publicly available source;
• providing the subject of personal data with the information contained in the notification on the processing of personal data violates the rights and legitimate interests of third parties.
1.11. in case of unlawful processing of personal data or inaccurate personal data, eliminate the identified violations;
1.12. immediately stop personal data processing and erase respective personal data once the personal data processing purpose is achieved, latest within thirty days from the personal data processing purpose achievement, unless otherwise is provided for in the Laws;
1.13. stop personal data processing and erase personal data if the personal data subject withdraws their consent to process personal data, latest within thirty days from receipt of such withdrawal;
1.14. immediately stop personal data processing once the subject requests to stop personal data processing for the purposes of goods, works and services market promotion;
1.15. notify personal data subjects, located on the territory of the European Union, and the supervisory authority, responsible for personal data subjects rights protection, in case of a personal data breach, within 72 hours after becoming aware of a data breach.
X. MEASURES TO ENSURE PERSONAL DATA PROCESSING SECURITY- The Company shall, while processing personal data, take necessary legal, organizational and technical measures to protect personal data from unlawful or accidental access, erasure, modification, restriction, copying, transmitting, disseminating, as well as from other unlawful actions with personal data.
- Personal data security shall be ensured in particular through:
– determining personal data security threats at its processing in the personal data information systems;
– determining personal data protection levels at its processing in the personal data information system;
– employing organizational and technical measures to ensure personal data security at its processing in the personal data information systems, necessary to comply with the requirements to personal data protection, whose observation ensures achieving personal data protection levels, stipulated by the Law;
– assessing efficiency of the measures, being taken to ensure personal data security, before putting personal data information system in operation;
– registering personal data mediums;
– identifying facts of unauthorized access to personal data and taking measures to remedy revealed violations;
– restoring personal data, modified or erased as a result of unauthorized access;
– setting rules of access to personal data, processed in the information system, as well as ensuring registering and recording all actions made with the personal data in the personal data information system;
– controlling of the implemented security measures to ensure personal data protection levels at its processing in the personal data information system;
– In storage personal data of citizens of Russia, the Company uses databases located on the territory of the Russian Federation
XI. Contact InformationFor all questions regarding this Policy, please contact using the email address:
[email protected]