Details of the personal data controller
For purposes connected with the provision of payment services:
The data controller for customers living in the countries of the European Economic Area is EasySend Polska Sp. z o.o., registered address: al. Grunwaldzka 223, 80-266 Gdańsk, Poland, KRS No.: 0000428401, NIP No.: 5272681399.
The data controller for customers living in the United Kingdom is EasySend Limited, registered address: 55-59 Adelaide Street, Belfast, BT2 8FE, United Kingdom, registration number in the Companies House: NI6077336. The company is registered by the ICO as a data controller at number Z2973216.
For the purposes connected with operation of the EasySend platform:
Both of the above-mentioned companies are operators of the platform available on www.easysend.pl, www.easysend.eu and www.przelewydopolski.co.uk, and of the mobile EasySend App. As a result, both companies are data controllers for the personal data processed for the purpose of service provision through the platform.
Terms such as “EasySend,” “Company” or “we” refer to one of the entities specified above, depending on the place of residence of the User
Type of personal data collected and processed by EasySend
The data we collect and process about you include (among others):
- Identification and contact information – full name, date of birth, photograph, address of residence, email, telephone number. Some of this information might be provided when signing up to our Website via a social media profile.
- Identification information in the form of a document – photocopies or scans of identity documents (e.g. ID, passport, driving licence, etc.) and documents confirming address of residence (e.g. a bank statement, utility bill, etc.).
- Login credentials for the Website.
- Information about the transactions you make: your full transaction history – transaction dates, types and amounts, payment methods, purpose of your transfers, any reference you may add to your transfers.
- Financial information – bank account details, debit card details (tokenized), source of funds information.
- Other information, e.g. recorded phone calls or history of our correspondence with you.
- Social media information – when you choose to sign up to our Website by using your social media profile or when you share your post with us, etc.
- Technical data regarding your visit on our Website, including: log history (IP address, User Agent data, date stamp), page interaction information, incoming source, e.g. referrals.
We also collect and process information on other people that has been provided by you. The data are e.g. your recipients’ details and the list of people (their email addresses) whom you want to recommend our services to when you participate in our Referral Programme. By providing this information to us you confirm that you have obtained the necessary permission to share such data with us.
How do we collect personal and other data?
EasySend collects personal data depending on the type of service used.
You give us information when you:
- register with our Website to use our services (online or at our agent location),
- fill out our money transfer form (online or at our agent location),
- update your online profile,
- contact us (send emails to us, call us, use our chat or the contact form on our Website) or when EasySend contacts you.
We obtain information from the following sources:
- from publicly available databases, from third-party specialized providers of identity confirmation services, and as a result of identity verification processes,
- from cookies – when you browse our Website,
- from social media widgets – installed on our Website,
- in the form of log details – when you log in to our Website.
The purpose of data processing
We use personal data in order to conduct our day-to-day business activity including:
- providing money transfer services and all activities related to that process,
- communicating with you,
- administering, improving and personalizing our Website,
- complying with the legal obligations imposed on EasySend, e.g. performing identity checks,
- detecting and preventing fraud on our Website,
- performing all kind of research, analysis and statistics activities,
- direct marketing,
- sending newsletter.
Legal basis for data processing
- agreement on the provision of services (pursuant to Article 6(1)(b) of the GDPR);
- legal obligation imposed on EasySend (pursuant to Article 6(1)(c) of the GDPR);
- your consent (pursuant to Article 6(1)(a) of the GDPR);
- our legitimate interests (pursuant to Article 6(1)(f) of the GDPR), which are:
- detecting and preventing fraud on our Website,
- direct marketing (excluding newsletter),
- pursuing of claims,
- providing secure Website experience,
- business performance reporting,
- adjusting the Website to our customers’ needs,
- preparing and sending the required communications,
- receiving your feedback on our Website.
We might share your personal data with third parties for the following purposes:
- to realize the provisions of the Terms and Conditions or in case of protection of rights, property or safety of EasySend or the services we provide,
- to comply with the regulatory requirements and legal obligations,
- in case of sale or transfer of EasySend’s business or its part,
- for the purpose of processing a transaction that is conducted by third-party service providers,
- in case relevant authorities, agencies or institutions contact EasySend to disclose users’ data for ongoing investigation or proceedings. We might also report to relevant agencies and exchange information with relevant companies about cases that in our opinion could be evidence of illegal activity conducted on our Website or of extortion attempts,
- when we cooperate with service providers who carry out business support services for us (e.g. administration, marketing, IT support, Call Centre) – only to the extent necessary to provide such services.
Based on the above purposes, we share data with the following groups of data recipients:
- contractors and third parties who provide outsourcing services on our behalf, such as customer support services, IT support processes, sales and marketing processes,
- hosting service provider,
- Website troubleshooting tool service providers,
- identity verification tool providers (more information can be found here: https://www.transunion.co.uk/legal-information/bureau-privacy-notice),
- public bodies and institutions,
- payment processing solutions providers,
- communication tools providers,
- online services optimization tools providers,
- banks and other payment institutions – for the purpose of executing transfer orders – when we receive funds for the transfer from you, as well as when we provide these funds to the recipient,
- project management tools providers,
- newsletter management and sending tool providers,
- social media providers,
- legal and regulatory advisors.
We use third-party service providers for remarketing purposes, that is for displaying our advertising within their networks. These companies use various technologies, including cookies, to present you with marketing content that suits your interest. When you visit our Website, it automatically places third parties’ cookies in your browser. This allows for tracking your online behaviour, e.g. seeing if you have already visited our Website. This information, as well as your behavioural and demographic profile (created on the basis of your browsing history, location, age, gender, etc.), is then used so that we can display our ads when you browse the internet. We also use our customers’ details, like email addresses, to match them within our third-party service providers’ networks so that the said providers can display marketing content personalized by us.
If you do not wish for your information to be used in such a way, you have to change your browser privacy settings:
- Google Chrome: https://support.google.com/chrome/answer/114836?hl=pl&co=GENIE.Platform%3DDesktop
- Mozilla Firefox: https://support.mozilla.org/pl/products/firefox/privacy-and-security
- Internet Explorer: https://support.microsoft.com/pl-pl/help/17479/windows-internet-explorer-11-change-security-privacy-settings.
Marketing communication preferences
We need your explicit consent to provide you with marketing content via electronic communication channels. You can consent to receiving information about special offers, promotional codes or other promotional materials from EasySend directly to your email address or phone number (text messages or phone calls).
In order to record your marketing preferences, EasySend created a special tool, available for registered users only.
Transferring data outside the EEA
Some of our service providers are established outside the EU. Therefore, your personal data might be transferred outside the EU as well. Due to the necessity to provide adequate level of data protection, we use appropriate clauses in agreements with our partners that are compliant with the decision of the European Commission 2010/87/EU on standard contractual clauses for the transfer of personal data to processors established in third countries. The decision can be found here: https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32010D0087&from=en.
Storage and security of personal data
We store personal data on servers located in the European Union. We implement the highest level of security standards to protect it as well as comply with relevant regulations and laws in this matter.
All the activities conducted through our Website are performed using encrypted connections that employ HTTPS and TLS (Evaluation) protocols. The data transmitted this way are not visible to other internet users. Nevertheless, you should be familiar with and follow rules for online security. For more information please visit: https://www.getsafeonline.org/protecting-your-computer/safe-internet-use/.
As a user of our Website, you are responsible for keeping all your login details secure and you should not disclose them to any third parties. We store your password, encrypted, on our servers.
EasySend has established processes to restrict the access of its employees to personal data of its users. It means that only some of our employees and only when there is an actual need for it, as well as only within the scope of work for a given position, can access and process the data. To better protect your data and whenever it is possible we use encryption and pseudonymization of personal data.
We also take into account security procedures used by our service providers. The companies we work with must comply with the highest data protection standards within their area of service.
Personal data collected by EasySend for the purpose of fulfilling AML/CTF regulatory requirements need to be stored by us for the period of 5 (five) years after the termination of the agreement with the customer or after the date of making a single transaction.
Personal data collected by us for the purpose of executing the agreement with you are processed for as long as they are needed for the correct agreement execution and, after the agreement is terminated, for the period needed to secure pursuing of claims.
Personal data processed by EasySend on the basis of your explicit consent will be used until you revoke your consent.
Personal data processed by EasySend on the basis of our business legitimate interest will be used until you object to the processing.
You should consent to receiving marketing correspondence from EasySend or withdraw this consent. You can do that by choosing the relevant option in your user settings accessible after logging in to our Website. Additionally, every marketing email sent to our users gives an opportunity to opt-out from receiving such correspondence in the future.
If an EasySend user provides us with personal data of a third party, it means that they have acquired this third party’s relevant consent.
Data subject rights
Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) gives the following rights to those people whose data are processed by us:
- Right to be informed about the processing operations
- Right of access to data
- Right to data rectification/supplementation
- Right to erasure (right to be forgotten)
- Right to restriction of processing
- Right to data portability
- Right to object
If you would like to execute your rights, please contact EasySend at email@example.com. We have one month to respond to your request. Please keep in mind that, as a financial institution and in order to comply with AML/CTF regulatory requirements, EasySend is obliged to retain your personal data, as well as all your transaction details and any additional documents for the required period of time (please see the data retention section above for more details). This is to prevent and detect possible money laundering and terrorist financing. These requirements overrule some GDPR provisions.
We have the right to decline a data subject’s request to execute their right of access or charge a reasonable fee for fulfilling such a request if it is excessive or unfounded.
If you believe that your right under personal data protection legislation has been breached, you have a right to lodge a complaint to:
– if you are a user living in the United Kingdom – the Information Commissioner’s Office; for more details, visit: https://ico.org.uk/global/contact-us/.
– if you are a user living in Poland or in another country of the EEA – the President of the Personal Data Protection Office; for more details, visit: https://uodo.gov.pl/pl/83/155. You may also contact any national authority overseeing personal data protection in the EU or EFTA countries if you live outside Poland – http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.
It is important to us that the data we collect and store concerning our users be accurate and up-to-date. Therefore, we have set up processes and tools helpful in this regard. You can update your data on your own by logging in to our Website and using the data edit tab, or you can contact us.
Profiling, segmentation and automated decision making
We use profiling and segmentation only for the purpose of personalization of marketing communication and/or enhancing the user experience of our Website. We do this basing on such data as e.g. the country of residence, selected language or the most popular products. Currently, we do not use automated decision making tools. Furthermore, our profiling and segmentation do not cause legal effects for the customers.
We might, however, use profiling for the purpose of prevention of fraud on our Website. This type of profiling might cause legal effects for our customers. We are, however, legally obliged to prevent fraud on our Website by anti-money laundering regulations.