Tap Global Limited

Tap - Website & App Privacy Policy

Publication date 02.11.2019 Version 1.0

IMPORTANT INFORMATION:

This is the Privacy Policy that governs how we use personal data that we collect, receive and store about Customers in connection with the use of:

  • The website/portal features and services provided to you when you visit our websites or portals or apps.
  • When you apply to use and/or use our service.
  • Your use of software including mobile and desktop applications provided by Tap Global LTD; and
  • Email, other electronic messages including SMS, telephone, website/portal and other communications between you and Tap Global LTD.

Together these are all referred to in this policy as "Services".

Tap Global Limited ("TAP") is the company that provides the technology of the tap product and is also the Program Manager for your card. As such, TAP is the Data Controller for any personal data which you provide which is not related to the card. TAP is incorporated in Gibraltar with registration number 118724 and registered office at 57/63 Line Wall Road, Gibraltar GX11 1AA.

Please note that our partner, Transact Payments Limited ("TPL", "we", "our" or "us"), is the issuer of your payment card and is the Data Controller for the personal data which you provide to us in relation to the card only. TPL is an e-money institution, authorised and regulated by the Gibraltar Financial Services Commission. Our registered office address is 6.20 World Trade Center, 6 Bayside Road, Gibraltar, GX11 1AA and our registered company number is 108217. When you apply for a Tap Card, you accept TPL's Privacy Policy which is provided to you when you signup for a card, is available within the TAP mobile application and is available in this document below the TAP Privacy Policy. We encourage you to read the TPL Privacy Policy.

INTRODUCTION

This Privacy Policy explains our data practices and the choices you can make about the way your personal data is collected and used in connection with our Services. Data is collected and stored in accordance with the Data Protection Act 2004 and subsequent amendment in 2018. In this Privacy Policy, personal information or personal data means any information or data that may be used, either alone or in combination with other data, to personally identify an individual, including a person's name, personal profile, e-mail address, physical address or other contact information.

We strongly urge you to read this Privacy Policy carefully to understand our policies and practices regarding your personal data and how we will treat it. If you do not agree to this Privacy Policy, please discontinue and avoid using our Services.

By visiting https://www.tap.global ("Website") and/or using our Services, you are accepting and consenting to the practices described in this Privacy Policy as may be updated from time to time.



WHAT INFORMATION DO WE COLLECT AND WHY?

We receive, collect and use the information listed below as it is necessary for the adequate performance of the contract between you and us, to provide you the Services, to support our legitimate interests in better understanding, securing and improving our Services and overall performance, and to allow us to comply with our legal and contractual obligations.

We receive and collect personal information from you when you provide us your name, e-mail address and other information requested during signup. You may also provide us with personal information when we communicate using email or another communications mediums like telephones.

We receive and collect personal information from your browser about your use of the Services. We use "cookies", technical identifiers and other tracking technologies in order to provide and enhance our Services (please see our separate cookies policy).

We receive and collect personal information from other sources, such as, merchants, business partners, acquirers, payment service providers, subcontractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers and fraud prevention agencies.

We collect the following information:

Information you give us: We receive and store any information including personal and financial information you provide to us including when you (or your business): enquire of or make an application for our Services; register to use and/or use any our Services; upload and/or store information with us using our Services; and when you communicate with us through email, SMS, a website or portal, telephone or other electronic means. Such information may include you or your customer's:

  • Company and business professional contact information, including name, address, phone number, fax number, e-mail address, domain names, and trade associations.
  • Background information regarding company management, such as beneficial ownership/persons of significant control - including first name and family name, date of birth, email address, billing address, username, password, address, nationality and country of residence.
  • Detailed company profiles.
  • Company operational histories, including territories, subsidiaries, affiliates, and lines of business.
  • Detailed trade and business credit information, including payment histories.
  • Business information regarding profitability.
  • Information about your friends/family/contacts for social, in-app and referral interactions.

Any other information that you or your customer provide.

Information we collect about you: We receive and store certain information whenever you interact with us; for example, by way of "cookies" or similar technology. We also obtain certain information when your web browser or mobile APP accesses our Services and other content provided by or on behalf of us on other web sites, or when clicking on emails including:
The Internet protocol (IP) address used to connect your computer or device to the Internet, your login information, browser type and version, browser plug-in types and versions, operating system platform.
Information on your location during signup and active user sessions for fraud prevention.
Please also refer to our Cookies Policy, for more information and see the separate Cookies section of this policy, below:

Email and Other Communications: We may receive information about you and your use of our Services when we communicate with each other, including when you open email, messages from us and from the use of electronic identifiers (sometimes known as 'device fingerprints'), for example, Internet Protocol addresses or telephone numbers. Some of the information we collect may be classified as "personal data" under European Union (EU) law as it is information relating to an individual (e.g. a sole trader, a partnership, a company director, a beneficial owner, a trustee, a professional contact etc). This privacy notice provides the information we are required to give in relation to the processing of personal data under EU law.

Tap Global does not seek to collect any information in relation to a customer's race or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation, genetic or biometric data.


TAP AND SOCIAL INTERACTIONS

Tap may use your personal information to enable social interactions through our services and to provide additional functions in order to deliver a better experience.
The types of information we use are:

  • Information you have provided
  • Information from your device (Contacts/Phonebook)
  • Geo-locational information.

HOW WE WILL USE YOUR INFORMATION

Your information (as above) will include information about you (and / or your business) and customers. If you give us information, including sensitive personal data, about yourself or other people, you agree (and confirm that the person the information is about has agreed) that we can use this information in the way set out in this policy.

We may use and share your information with our subsidiaries or affiliated companies, business partners, financial institutions, employees, professional advisors, sub-contractors, fraud prevention agencies and third-party service providers to help us and them:

  • To provide our Services to you and your business including fulfilling our obligations to you or to financial or other institutions in connection with the Services we provide to you (and / or your business).
  • To improve and develop our business, including without limitation to optimize our websites/portals, products and services.
  • To provide you with the information, products and services you have requested, or we think may be of interest to you.
  • To manage and enforce our rights, terms of use or any other contracts with you (and/or your business) for the provision of our Services.
  • To identify and authenticate your access to non-public parts of our Services.
  • To send you service and administrative e-mails and messages, including to inform you about important changes or developments in our Services, to provide you with important Services related notices, such as security notices, to notify about your transaction and to respond to a "Contact Us" or administrative request (for example, to change your password). These e-mails and messages are considered an integral part of the Service and you may not opt-out of them.
  • To send you information we believe you would find interesting including marketing and promotional materials; by post, email, telephone, SMS text or other means, including electronic means. You can object to marketing at any time, as explained below.
  • To identify and monitor for fraud, we and other organizations may access and use information recorded by fraud-prevention agencies.
  • To assist in the course of any investigation by us, other financial organizations or other third parties into any suspected criminal activity.
  • To obtain your views on our services and our website.
  • To develop and test services.
  • To let you know within the app if any of your contacts/friends are a registered Tap user. If you have the relevant settings in the Tap App activated, we'll use the contact list on your phone so you can easily make payments to your contacts. We will never store any of this data on Tap's servers.
  • To comply with local and national laws, including card scheme rules and requests from law enforcement and regulatory authorities; and.
  • In respect of marketing, market research and similar activities, we may use your personal data for such purposes whether or not you are accepted as or continue to receive Services. If you sign up to receive this information and then no longer wish to receive the marketing or promotional information from us, please let us know via the Contact Us section within your APP or via the address shown on https://www.tap.global

WHO DO WE SHARE THIS INFORMATION WITH?

We may share or receive information about you with or from other sources and add it to our account information, including when you use any of the other websites we operate or other services we provide. We are working closely with third parties including:

  • Business partners and Sub-contractors for the performance of any contract we enter into with them or you, or any services that we provide to you.

  • Acquirers and Payment Service Providers (where allowed under any Terms of Use or other contract): including the credit institution where you (or your business) maintains its bank account and the card schemes governing the issue and use of credit, debit, charge, purchase or other payment cards, alternative payment schemes and any other financial institutions who may process payments and who are not operating under Tap Global control nor for whom whose actions or omissions Tap Global has liability.

  • Outsource and Service providers - such as credit card processors, e-KYC solutions providers, auditors, advisors, consultants, live help/chat providers and contractors Tap Global 's websites and business operations and we may receive information about you from them or provide such information to them. We contractually require these recipients to only use personal data for the intended purpose of the disclosure and that they destroy or return it when it is no longer needed.

  • As required or appropriate in order to protect our website, business operations or legal rights, or in connection with a sale.

We may disclose your personal information to third parties:

Where we are required or permitted to do so by law: we may be required by law to pass information about you to regulatory authorities and law enforcement bodies worldwide, or we may otherwise determine that it is appropriate or necessary to do so. Such disclosures may also include requests from governmental or public authorities, or with commercial organizations with whom you may have had dealings and whom are seeking to mitigate fraud risk, or for the purposes of litigation or legal process, national security or where we deem it in the national or public interest or otherwise lawful to do so.

Business transfers: Tap Global may buy or sell business units or affiliates. In such circumstances, we may transfer customer information as a business asset. Without limiting the foregoing, if our business enters into a joint venture with or is sold to or merged with another business entity, your information may be disclosed to our new business partners or owners; and

With your permission: Your information may also be used for other purposes for which you give your specific permission, or when required by law or where permitted under the terms of the relevant data protection legislation. Except where permitted as stated, Tap Global does not sell, rent, share or otherwise disclose personal data about its customers to third parties for commercial purposes.

We may also transfer your data outside Gibraltar and the EEA only if such a transfer will be subject to the appropriate and suitable safeguards such as:

  • ensuring of an adequate level of protection for your Personal Data by the third country;
  • an approved certification mechanism or code of conduct with binding and enforceable commitments;
  • a contract with the person or entity receiving your Personal Data which incorporates specific provisions as directed by the European Commission;
  • permissibility of the transfer by applicable laws;
  • your explicit consent to the transfer.

DATA RETENTION

Personal data is stored for varying lengths depending on the nature and purpose for which it was collected. We store personal data in line with any applicable statutory minimum periods, and then review it periodically (usually annually) to ensure it is still necessary to be retained for the purpose for which it was collected.

The data that you provide us is sent via a secure link (HTTPS) and sensitive data stored is encrypted using standard encryption technology in computer servers with limited access and in controlled facilities. We follow generally accepted industry standards to protect personal data, however no method of transmission over the Internet or method of electronic storage is 100% secure.

All information you provide to us is stored on our secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of the Website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone. We will never contact you and ask for your password.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Website or/and the Services; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.

All our employees and data processors, who have access to, and are associated with the processing of personal data, are obliged to respect the confidentiality of your personal data. The Website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.


DATA SUBJECT RIGHTS

You have the right to request from us confirmation of whether we are processing your personal data, and if so, access to that information.
If any of your personal data is inaccurate you have a right to request rectification. We are very keen to ensure the data we hold is accurate and up to date. Please contact Customer Services via help@tap.global.

You have the right to object to our processing and/or request it is deleted or restricted although please note that this may mean we are unable to continue to provide you with the Services. In considering our response we undertake to ensure your interests, fundamental rights and freedoms are properly balanced against our legitimate interests. We will also look at whether it is still necessary to process your data for the purpose it was collected or whether applicable legislation means we are unable to erase a piece of data. Please contact Customer Services for more information.

We will always observe your objection to receiving either our Tap Global marketing or to us passing on your contact details to third parties for their direct marketing purposes: please contact Customer Services including the name, business name, address, telephone number and email address that you wish to have excluded.

Opting Out: If you have opted to receive marketing-related messages from us and would prefer to no longer receive these, or if you would prefer that we not share personal data about you with any of our business partners, you may later opt-out of receiving messages from us or from our future sharing of information about you by following the "unsubscribe" instructions in the latest such message you have received. We will endeavour to comply with your request as soon as reasonably practicable. Please keep in mind that if you opt-out of receiving promotional messages from this Website, we will continue to send you transactional messages and important account-related information regarding this Website or Services offered through this Website.

Before we are able to provide you with any information or correct any inaccuracies, we may ask you to verify your identity and to provide other details to help us identify you and respond to your request.


HANDLING OUR CUSTOMERS' DATA

Sometimes our customers provide us with their business data, such as their customer, supplier or prospect data - which may contain personal data - in order for us to provide them a service. In these instances, we are the processor of any personal data contained in their data. Different parts of the GDPR apply when we act as a processor and we take these obligations very seriously. The above notice does not apply to our data received from our customers as this does not become Tap Global data (unless the customer has expressly agreed to this).


UPDATING THIS PRIVACY NOTICE

We strive for continuous improvement in our services, processes and protecting data subject rights. We will therefore update this privacy notice from time to time. Therefore, we advise you to check this notice on a regular basis, or if requested we will send it to you on a regular basis.


CONTACT US

If you have any comments or questions regarding our Privacy Policy or if you have any concerns regarding your Privacy, you can contact our support team at support@tap.global.


COMPLAINTS

All complaints or concerns and appropriate resolution relating to the practices of handling personal information will be logged. Any complaints of this nature should be made to Customer Services at: complaints@tap.global.

You also have the right to lodge a complaint with a supervisory authority, such authority in Gibraltar being the Gibraltar Regulatory Authority, details of which can be found at https://www.gra.gi.


Transact Payments Limited

Privacy Policy

Publication date 25.05.2018 Version 1.0

Privacy Policy

This policy explains when and why we collect personal information about you, how we use it, the conditions under which we may disclose it to others and how we keep it secure.

TPL is committed to safeguarding the privacy of your information. By "your data", "your personal data", and "your information" we mean any personal data about you which you or third parties provide to us.

We may change this Policy from time to time so please check this page regularly to ensure that you're happy with any changes.


Who are we?

Transact Payments Limited ("TPL", "we", "our" or "us") is the issuer of your card and is the Data Controller for the personal data which you provide to us in relation to the card only. TPL is an e-money institution, authorised and regulated by the Gibraltar Financial Services Commission. Our registered office address is 6.20 World Trade Center, 6 Bayside Road, Gibraltar, GX11 1AA and our registered company number is 108217.

Tap Global Limited ("TAP") is the Program Manager for your card program and is the Data Controller for any personal data which you provide which is not related to the card. TAP is incorporated in Gibraltar with registration number 118724 and registered office at 57/63 Line Wall Road, Gibraltar GX11 1AA.


How do we collect your personal data?

We collect information from you when you apply online or via a mobile application for a payments card which is issued by us. We also collect information when you use your card to make transactions. We also obtain information from third parties (such as fraud prevention agencies) who may check your personal data against any information listed on an Electoral Register and/or other databases.


On what legal basis do we process your personal data?

Contract
Your provision of your personal data and our processing of that data is necessary for each of us to carry out our obligations under the contract (known as the Cardholder Agreement or Cardholder Terms & Conditions or similar) which we enter into when you sign up for our payment services. At times, the processing may be necessary so that we can take certain steps, at your request, prior to entering into that contract, such as verifying your details or eligibility for the payment services. If you fail to provide the personal data which we request, we cannot enter into a contract to provide payment services to you or will take steps to terminate any contract which we have entered into with you.

Legal/Regulatory We may also process your personal data to comply with our legal or regulatory obligations.

Legitimate Interests On occasion we may have a legitimate interest or those of a third party to process your personal data.


What type of personal data is collected from you?

When you apply for a card, we, or our partners on our behalf, collect the following information from you: full name, physical address, email address, mobile phone number, phone number, date of birth, gender, login details, IP address, identity and address verification documents.

When you use your card to make transactions, we store that transactional and financial information. This includes the date, amount, currency, card number, card name, account balances and name of the merchant, creditor or supplier (for example a supermarket or retailer). We also collect information relating to the payments which are made to/from your account.


How is your personal data used?

We use your personal data to:
- set up your account, including processing your application for a card, creating your account, verifying your identity and printing your card.

- maintain and administer your account, including processing your financial payments, processing the correspondence between us, monitoring your account for fraud and providing a secure internet environment for the transmission of our services.

- comply with our regulatory requirements, including anti-money laundering obligations.


Who do we share your information with?

When we use third party service providers, we have a contract in place that requires them to keep your information secure and confidential.

We pass your information to the following categories of entity:

- identity verification agencies to undertake required verification, regulatory and fraud prevention checks;
- information security services organisations, web application hosting providers, mail support providers, network backup service providers and software/platform developers;

- document destruction providers;

- anyone to whom we lawfully transfer or may transfer our rights and duties under this agreement;

- any third party as a result of any restructure, sale or acquisition of TPL or any associated entity, provided that any recipient uses your information for the same purposes as it was originally supplied to us and/or used by us.

- regulatory and law enforcement authorities, whether they are outside or inside of the EEA, where the law requires us to do so.


Sending personal data overseas

To deliver services to you, it is sometimes necessary for us to share your personal information outside the European Economic Area (EEA), e.g.:

  • with service providers located outside the EEA;
  • if you are based outside the EEA;
  • where there is an international dimension to the services we are providing to you.

These transfers are subject to special rules under European and Gibraltar data protection law.

These non-EEA countries do not have the same data protection laws as Gibraltar and EEA. We will, however, ensure the transfer complies with data protection law and all personal information will be secure. We will send your data to countries where the European Commission has made an adequacy decision, meaning that it has ruled that the legislative framework in the country provides an adequate level of data protection for your personal information. You can find out more about this here.

Where we send your data to a country where the European Commission has not made an adequacy decision, our standard practice is to use standard data protection contract clauses that have been approved by the European Commission. To obtain a copy of those clauses, please go to the European Commission's website.

We send your data to the United States of America. In relation to data transfers to the USA, please go to the Privacy Shield website in order to find out more about the EU Commission-approved safeguards in place.

If you would like further information please contact our Data Protection Officer on the details below.


How long do we store your personal data?

We will store your information for a period of five years after our business relationship ends in order that we can comply with our obligations under applicable legislation such as anti-money laundering and anti-fraud regulations. If any changes to applicable legislation require us to retain your data for a longer period of time, we shall retain it for that period. We will not retain your data for longer than is necessary.


Your rights regarding your personal data?

You have certain rights regarding the personal data which we process:
- You may request a copy of some or all of it.
- You may ask us to rectify any data which we hold which you believe to be inaccurate.
- You may ask us to erase your personal data.
- You may ask us to restrict the processing of your personal data.
- You may object to the processing of your personal data.
- You may ask for the right to data portability.
- If you would like us to carry out any of the above, please email the Data Protection Officer at DPO@transactpaymentsltd.com.


How is your information protected?

We implement security policies and technical measures in order to secure your personal data and take steps to protect it from unauthorised access, use or disclosure.

While we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems. Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.


Complaints

We hope that our Data Protection Officer can resolve any query or concern you may raise about our use of your personal information.

The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in Gibraltar is the Gibraltar Regulatory Authority.

Their contact details are as follows:
Gibraltar Regulatory Authority,
2nd floor, Eurotowers 4, 1 Europort Road, Gibraltar.
(+350) 20074636 / (+350) 20072166
info@gra.gi


Other websites

Our website may contain links to other websites. This privacy policy applies only to our website, so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our website.


Changes to our Privacy Policy

We keep our Privacy Policy under review and we regularly update it to keep up with business demands and privacy regulation. We will inform you about any such changes. This Privacy Policy was last updated on 25th May 2018.


How to contact us

If you have any questions about our Privacy Policy or the personal information which we hold about you or, please send an email to our Data Protection Officer at DPO@transactpaymentsltd.com.