Privacy Policy – MyRIA Application
This privacy policy (‘Privacy Policy’) defines how we collect and use your data in connection with the use of the MyRIA mobile application (‘MyRIA application’) and payment services offered with it.
THE CONTROLLER.
The controller of your personal data processed in connection with your use of the MyRIA Application and payment services provided with the use of the MyRIA Application is Ria Payment Institution, E.P., S.A.U. (‘RIA’), Calle Cantabria, 2, 2º, A-1, 28108 Alcobendas, Madrid, Spain, part of the Euronet Worldwide, Inc. group (‘Euronet Group’). Additional information about the Euronet Group is available at http://www.euronetworldwide.com. If you have any questions regarding the processing of your personal data by RIA or this Privacy Policy, please feel free to email RIA at dpo@euronetworldwide.com.
DATA PROTECTION INSPECTOR.
You may contact the Data Protection Officer appointed by the RIA at dpo@euronetworldwide.com or by calling +48223070146, You may also send your requests to Calle Cantabria, 2, 2º, 28108 Alcobendas, Madrid, Spain (with a note: to the hands of the Data Protection Officer).
CATEGORIES OF PERSONAL DATA.
RIA processes your personal data provided by you to RIA through the forms provided through the MyRIA Application in connection with the registration of your user account. This data includes in particular your name (or names), surname (or surnames), your citizenship, state and address of residence, facial image, date of birth, marital status, gender, series and number of your ID document (identity card or passport), expiration date of this document, your e-mail address and mobile phone number, as well as other personal data that may be included in the photos of your ID document provided to us.
In case you have already used RIA services, as a part of the verification process we will compare your personal data with the data collected in the RIA databases. In this case, we also use the data of your past transactions, including the identification data of the payees in these transactions.
If the process of registering your user account involves the verification of your identity based on a video call initiated by RIA, we also process your facial image acquired in this way, as well as personal data that you make available during the call to the RIA representative, in particular your name (names) and surname (surnames), address of residence, mobile phone number, date of birth, number of your ID document, issuing authority and validity date as well as the profession performed. Please be advised that during the video call you should not provide or otherwise make available to RIA more personal data that is specifically required by the RIA representative.
It is possible that during the registration process or at a later date RIA requests that you provide additional information or documents. In such case, we will process the personal data you provided with these documents or information as a response to the requests of RIA.
We process your data that we have obtained in connection with your use of the MyRIA Application and payment services provided by RIA based on the MyRIA Application. This includes data provided by you in connection with you defining the payment order in the MyRIA Application, including information on the transaction amount, currency, payee, as well as the date of the transaction and the method of its execution.
We may also process your data obtained in connection with the RIA obligations under applicable law, including relevant anti-money laundering and counter terrorism financing regulations, including, but not limited to, information on the type of relationship between you and the payee, or the purpose of the transaction.
We may also process your personal data that you provided to us in connection with your correspondence with RIA or in the course of telephone conversations with RIA representatives.
Providing by you of your personal data referred to above is voluntary. Not providing this data may, however, result in the inability to use the services provided by RIA through the MyRIA Application and define money transfer orders based on the MyRIA Application.
PUROPOSES AND BASIS FOR PROCESSING OF YOUR PERSONAL DATA.
RIA processes your personal data for the purposes related to the provision of services through the MyRIA Application.
Your personal data provided in the account registration form made available in MyRIA Application is processed by RIA for the purpose of taking actions before entering into a service agreement with you, concerning the creation and maintenance of your user account in the MyRIA Application. If the account is successfully created – we use this data in order to perform the agreement concluded with you.
If you have defined the money transfer order using the MyRIA Application, your data is also processed by RIA to take the actions before concluding with you a contract for the provision of the payment services you selected through the MyRIA Application and also to provide such payment service.
The basis for the processing of personal data for this purpose is Article 6 Sec. 1 pt. b) of the GDPR.
RIA also processes your personal data in order to comply with legal obligations imposed on RIA, in particular obligations arising from the applicable legislation on counteracting money laundering and terrorism financing and for the purposes of preventing frauds related to the payment services rendered by RIA. The basis for the processing of personal data for this purpose is Article 6 Sec. 1 pt. c) of the GDPR.
RIA may also process them for purpose of pursing potential claims that may arise from the provision of services through the MyRIA Application, as well as for related archival purposes, including securing data for the event of the necessity to prove facts regarding the services provided by RIA in relevant proceedings. The basis for the processing of personal data for these purposes is Article 6 Sec. 1 pt. f) of the GDPR - the legitimate interest of the RIA as data controller.
In the event that we decide to use your personal data for legitimate purposes of RIA, we will do our best to ensure that this action fully respects your rights and interests.
MARKETING.
RIA may process your personal data, for the purposes of the direct marketing of RIA services. The basis for processing of personal data for these purpose is Article 6 Sec. 1 pt. f) of the GDPR.
This may include evaluating various aspects of your personal data (profiling) in order to assure that the commercial information RIA sends you is always best suited to your needs.
You may resign from receiving commercial information from RIA at any time with a click on the link provided in the footer of every e-mail sent by RIA, by writing to the RIA mailing address Calle Cantabria, 2, 2º, 28108 Alcobendas, Madrid, Spain (with a note: to the hands of the Data Protection Officer) or by e-mail sent to dpo@euronetworldwide.com.
DATA RECEIPIENTS.
The use of the MyRIA Application involves disclosure by RIA of your personal data to other entities.
Next to our employees and associates, we may disclose your personal data to entities that provide various services to RIA, including RIA agents, with the help of which RIA handles payment transactions carried out through the MyRIA Application. This applies in particular to services such as server maintenance, processing and execution of money transfer orders, as well as compliance.
In some cases, RIA may transfer your personal data to entities that belong to the Euronet Group. We undertake these activities only if it is essential or necessary to provide services through the MyRIA Application or for purposes related to the provision of services through the MyRIA Application. Your personal data may also be disclosed to these entities if this is required under provisions of applicable law.
Some of the entities to which we may disclose your personal data in accordance with the above provisions may be located outside the EEA. This includes countries which, according to the European Commission, do not provide an adequate level of protection of personal data. In this case, RIA ensures that the transfer of your personal data is based on one of the mechanisms provided by law, allowing for the lawful disclosure of your personal data to a third country.
We may also disclose your personal data with entities that are entitled to request it under applicable law, including judicial authorities as well as other public authorities within the scope of their competence.
Finally, there is the possibility that we may disclose your personal data in connection with the sale, purchase, merger or reorganization of RIA or any of its assets. In such case, RIA will take all appropriate measures to ensure that your data is adequately protected.
YOUR RIGHTS.
You have various rights in connection with the processing of your personal data by RIA.
-
You have the right to access your data. This means that you can ask RIA if we process your personal data, what categories of your data we process and for what purposes. You can also ask, among other things, to whom we disclose your personal data, or how long RIA will retain it. You can also ask us about the processing of your personal data which is associated with automated decision making.
-
You have the right to request rectification of your data. We take our best efforts to ensure that your personal data is correct and complete. However, if it turns out otherwise, you have the right to correct or supplement the data.
-
You have the right to obtain from RIA the restriction of processing or deletion of your personal data. This means that in some cases defined by law, you may request that the processing of your personal data be limited only to storage. In some cases you also have the right to request your personal data be deleted by RIA.
-
You have the right to withdraw your consent to the processing of your personal data data in cases where your data is processed based on the consent given.
-
You have the right to object wto the processing that RIA carries out based on its indispensability or the legitimate interests of RIA.
You can also object to the processing of your personal data for direct marketing purposes of RIA, including profiling carried out for this purposes. -
You have the right to data portability. This means that you have the right to demand that your personal data provided to RIA and processed on the basis of your consent be issued to you in a structured, machine-readable and commonly used format. You can send this data to another controller without any obstacles on the part of RIA. You can also ask RIA to forward your data directly to another controller - we will honor this request if only this is technically possible.
-
You have the right to lodge a complaint with a supervisory authority. RIA strives to ensure protection of your personal data in accordance with the applicable law. If, however, you decide that we process your personal data unlawfully, you have the right to lodge a complaint with the competent supervisory authority, in particular in the member state of your habitual residence, place of work or place of the alleged infringement.
You can exercise your rights as described above by notifying RIA in writing to the RIA mailing address Calle Cantabria, 2, 2º, 28108 Alcobendas, Madrid, Spain (with a note: to the hands of the Data Protection Officer) or by e-mail sent to dpo@euronetworldwide.com.
FOR HOW LONG RIA STORES YOUR DATA.
RIA stores your personal data provided in connection with use of the MyRIA Application user data only as long as it is reasonable for legitimate purposes of processing.
RIA stores your personal data including information about any transactions made by you through the use of the MyRIA Application for the period required by applicable law, including in particular the relevant provisions on provision of payment services, tax regulations or laws on counteracting money laundering and terrorism financing.
Irrespective of this, RIA may store your personal data gathered during the process of account registration and in connection with payment services provided through the MyRIA Application for the time that equals the limitation period for any claims that may arise from any agreements you have concluded with RIA in connection with your use of the MyRIA Application or until these claims expire.
RIA may also store your personal data processed for the purposes of direct marketing of services provided by RIA until resign from receiving commercial information from RIA or object to the processing of your personal data by RIA for these purposes.
SECURITY OF YOUR PERSONAL DATA.
RIA uses a variety of organizational and technical measures to ensure that your personal data is properly protected against accidental or unlawful distortion, destruction, loss, modification or disclosure. RIA focuses on modern and secure technologies that protect our systems against interference of unauthorized persons, and – with emergence of innovative methods – constantly updates its security measures.
RIA databases are equipped with the latest generation of solutions that prevent unauthorized access. What's more, all personal data is stored in a secure location, protected by firewalls and other complex security systems, which only authorized persons have access to.
All RIA employees who have access to the processing of personal data or related processes are contractually obliged to respect their confidentiality and privacy standards.