Terms and conditions of use

Rule 1

VPOS Website Privacy Notice

General information
This Privacy Notice governs and explains how VPOS (hereinafter
referred to as “we” or “Data Controller”) collects and further processes your
personal data when you use the website thevpos.com.
The terms contained in this Privacy Notice apply each time you access our content
and/or services, regardless of what device (computer, mobile phone, tablet,
TV, etc.) you use.
E-mail: info@thevpos.com

We confirm that we will collect information about you in line with the
requirements of the applicable laws and regulations of the European Union
and of the Republic of Cyprus and the guidelines of the regulatory
authorities, and that we have adopted all reasonable technical and
administrative measures to ensure that data that we collect about website
visitors are protected from loss, unauthorised access and/or alteration. The
Data Controller’s employees have made written commitments not to disclose
and distribute information accessed in the workplace to any third party,
including information about visitors of the website/social media accounts.
Persons under the age of 16 may not provide any personal data through our
website/social media accounts. If you are a person under 16, make sure that
you obtain a parent or guardian’s permission before you provide personal
information to us.
The definitions used in this Privacy Notice have the meanings assigned to
them in General Data Protection Regulation No 2016/679 (EU).

Be sure to read carefully this Website Privacy Notice, because each time you
access this website you agree to abide by the terms described here. If you
disagree with these terms, please do not visit our website, use our content
and/or services.

How do we collect information about you?
We may collect personal data about you, i.e. any information identifying you,
in various ways:

• You may provide us with information (personal data) directly (by filling
  in a registration form, subscribing to our newsletter, or making a call to
  us).
• We may collect information about you automatically (when you visit
  our website, our social media account, or use our applications).
• In certain cases we may acquire information about you from third
  parties and may collect information about you from publicly available
  sources (e.g. through LinkedIn social networking platform, your
  company’s website or otherwise).
  We may collect information that you provide to us directly. Typically this will
  happen when you:
• sign up to our website;
• enter into an arrangement with us for provision of services or another
  agreement;
• install our applications;
• subscribe to our newsletter or register to receive other
  communications;
• participate in our surveys.
  We may collect information about you automatically. Typically this will
  happen when you:
• submit inquiries through our registration system or social media
  accounts;
• use our website (we collect information about you through the use of
  cookies and similar technologies; to learn more about the cookies we
  use see the information below);
• make public posts on social media platforms that we follow.
  Where permitted by applicable law, we may acquire information about you
  from third parties. This may include information shared by our partners,
  marketing agencies, your publicly available profile information (LinkedIn,
  Facebook, Twitter, Instagram). We may link information provided by yourself,
  collected from public and commercial sources to other information we obtain
  from you or about you.
  We may also collect information about you in other contexts than discussed
  in this Privacy Notice. If this is the case, we will give you further notice.
  What information (personal data) about you do we process?
  Although we seek to collect as limited amount of your information as
  possible, we collect the following information:
• information necessary to provide our services to you (provided in
  contracts, registration form);
• information you give us in surveys;
• information you give us in calls to us;
• information about your preferences and interests;
• information necessary to verify your age and identity;
• information about the device you use.
  Information that we collect from you directly will be apparent from the
  circumstances and the context in which you provide it. For example:
• when we provide our services to you we process your information such
  as your name, surname, payment method, address, passport number
  and other information we may need in providing services to you, such
  as your phone number or e-mail address to which we will send your
  registration confirmation;
• credit card number, credit card expiration date;
• information about your interests and preferences.
  Information that we collect automatically will generally concern:
• information about your usage of our websites (device information: IP
  address, operating system version, and settings of the device you use
  to access our content/products; log information: time and duration of
  your login session, search query terms you enter through the website,
  and any information stored in cookies that we have set on your device
  (cookies policy is provided below); location information: your device’s
  GPS signal or information about nearby WiFi access points and cell
  towers that may be transmitted to us when you use our website
  content.
  Information that we collect from third parties or publicly available sources
  will generally consist of the following:
• your interests;
• your e-mail address, name, surname, your country, special preferences
  and interests.
  You may choose not to disclose certain information to us (e.g. information
  requested in the registration form), but in that case you may not be allowed
  to register in our website or receive our services.
  Purposes and legal basis of data processing
  We use the above information we collect for the following purposes:
• to provide payment services;
• to provide service-related information you request;
• for marketing purpose , e.g. providing customised advertisements and ss
  sponsored content and sending promotional communications;
  assessment and analysis of our market, clients, products and services
  (including asking for your opinions on our products and services,
  carrying out client/partner surveys, running competitions or
  promotions, as permitted by law);
• to understand the way people use our online services so that we can
  improve them and develop new content, products and services;
• to protect our interests before any court or any other institution;
• otherwise with your consen .ts
  ⃰sYou may opt out of direct marketing communications from us at any time.
  If you prefer not to receive our direct marketing communications, please let
  us know by sending us an e-mail to info@thevpos.com or clicking on the
  opt-out link appearing in the newsletter.
  We process personal data about you based on one or several legitimate
  grounds for the processing:
• compliance with legislative requirements;
• discharge of obligations under a contract between you and us;
• our legitimate interests, unless they are overridden by your private
  interests;
• in certain cases, your consent.
  The purposes of the processing of your personal data, with respective legal
  bases and personal data collected for such purposes, are set out in the table
  below:
  Purpose Legal basis/bases Personal data To provide payment and related services
  Discharge of obligations under a contract between you and us.
  Compliance with legislative requirements.
  Our legitimate interests unless, these interests are overridden by your private interests.
  Name, surname, payment method, credit card number, address, passport number, credit
  card expiration date, other information we may need in providing our services to you,
  such as your phone number or email address to which we will send your registration
  confirmation, information about your interests and preferences.
  To provide servicerelated information you request This information
  is provided to you on the basis of our legitimate interest to provide you with accurate
  information about the services we provide, extra services, etc.
  In order to be able to answer your queries by phone, e-mail,
  through social media and otherwise, we may ask you to
  give us your phone number, email address or other contact
  details convenient to you. For marketing purposes, e.g.
  providing customised advertisements and sponsored content and sending
  promotional communications; assessment and For this purpose
  we process your personal data on the basis of our legitimate interest to
  inform about our services, events, news and other Name, social media account
  details, telephone, e-mail, address, your interests. Purpose Legal basis/bases
  Personal data analysis of our market, clients, products and services (including asking for your
  opinions on our products and services and carrying out client/partner surveys)
  relevant information. 
  To understand the way people use our online services so that we can improve them and
  develop new content, products and services For this purpose we process your
  personal data on the basis of the legitimate interest to monitor the quality of our
  services, develop and improve the content we provide, and ensure security
  of the website.
  IP address, operating system version, and settings of the device you use to access our
  content/products, time and duration of your login session, search query terms you enter
  through our website, and any information stored in cookies that we have set on your device, your
  device’s GPS signal or information about nearby WiFi access points and cell towers that may be transmitted to us when
  you use our website content.  To protect our interests before any court or any other institution
  Compliance with legislative requirements. Legitimate interest to defend against lawsuits and
  claims. 
  Depending on the lawsuit or  claim filed, we may collect all personal data mentioned in this
  Privacy Notice that we have about you. 
  Where we do not base our use of information about you on one of the above
  legal bases, we will ask for your consent before we process your information
  (these cases will be clear from the circumstances and the context).
  In some instances, we may use information about you for purposes other
  than described above. Where this is the case, we will provide a supplemental
  notice to you.
• To whom we disclose your personal data?
  We may disclose your personal data to the following entities:
• companies that provide services for us;
• banks/companies that provide payment services;
• companies assisting with organising competitions/games/promotions;
• other carefully selected business partners;
• We may share information about you with other third parties, such as public
  authorities, authorities supervising activities in the payment sector, pre-trial
  investigation officials, courts, and others, when we consider disclosure to be
  necessary to protect our legitimate interests.
  To what countries do we transfer your personal data?
  Sometimes we may have to transfer your personal data to other countries
  that may offer lower levels of data protection. In such cases we do all that is
  within our control to ensure the security of the data we transfer.
  The Data Controller transfers your personal data to the following countries
  outside the European Economic Area: Israel.
  Where the Data Controller transfers your personal data to countries outside
  the European Economic Area we ensure that any of the following safeguards
  is implemented:
• A contract is signed with the data recipient based on the standard
  contractual clauses adopted by the European Commission.
• In respect of data transmission by a group of undertakings, binding
  corporate rules are applied.
• The data recipient is established in a country recognised by the
  European Commission as applying adequate data protection
  standards (Israel, for example)
• Authorisation is obtained from the Data Protection Inspectorate.
  How do we protect information about you?
  We have put in place reasonable and appropriate physical and technical
  measures to safeguard the information we collect in connection with the
  provision of our content/services. Please note, however, that although we
  take reasonable steps to protect your information, no website, Internet
  transmission, computer system or wireless connection is completely secure.
  How long will your personal data be kept?
  We will retain your personal data for the period necessary to fulfil the
  purpose for which they were collected. After that, we will delete them, except
  where we are legally obligated to retain the information for tax purposes, or
  such data may be required in conducting a pre-trial investigation, but in any
  event the retention period will not extend beyond 10 years. On expiration of
  this period, the data will be irretrievably deleted.
  Normally, personal data storage periods are as follows:
  Personal data Retention period
  Payment data At least 10 years after the payment transaction
  Personal data used
  for marketing
  purposes
  3 years from your last visit to our website
  IT system logs Up to several months
  Analytical data
  Such data are normally collected automatically
  while you visit the website and immediately
  depersonalised/aggregated.
  Rights that you have
  The data subject whose data are processed in connection with activities
  carried out by the Data Controller, depending on the situation, has the
  following rights:
• to know (be informed) about the processing of data concerning
  him/her (right to know);
• to access his/her data and be informed about the methods of their
  processing (right of access);
• to obtain rectification of personal data or, taking into account the
  purposes of the processing of personal data, to have incomplete
  personal data completed (right to rectification);
• to obtain the erasure of data concerning him/her or the suspension
  of data processing activities concerning him/her (except storage)
  (right to erasure and ‘right to be forgotten’);
• to obtain from the Data Controller restriction of the processing of
  personal data if there is a legitimate ground (right to restriction of
  processing);
• to object at any time to processing of personal data concerning him
  or her which is based for the performance of a task carried out in
  the public interest or for the purposes of the legitimate interests
  pursued by the controller or by a third party. The controller has to
  demonstrate compelling legitimate grounds for the processing
  which override the interests, rights and freedoms of the data
  subject (right to object);
• to exercise the right to data portability (right to data portability);
• to lodge a complaint with the State Data Protection Inspectorate.
  We offer you easy ways to exercise these rights. You can do so by writing to us to info@thevpos.com, or using
  certain links provided at the end of our promotional communications.
  You may not be able to exercise these rights when in the cases provided by
  law it is necessary to ensure prevention, investigation and detection of
  crimes, violations of official or professional ethical standards, as well as the
  protection of the rights and freedoms of the data subject or other persons.
  We will ask you to prove your identity face-to-face, through electronic
  signature or, where the two options are not available, remotely via Skype
  before we enable you to exercise your rights.
  Rights that you have Certain restrictions
  To know (be informed) about the processing of
  your data (right to know)
  You have the right be informed in a concise form
  and using simple and plain language before the
  processing of your personal data.
  Rights that you have Certain restrictions
  To access your data and be informed about the methods of their
  processing (right of access)
  This right means:
• confirmation whether or not we process
  personal data concerning you;
• providing you with the list of your data
  that we process;
• informing you about the purposes and
  legal bases for the processing of your
  personal data;
• confirmation as to whether or not we
  transfer data to third parties and, if so,
  the safeguards we have implemented;
• informing you from which source your
  personal data originate;
• information as to the existence of
  profiling;
• information about the storage period.
  After we have established your identity, we will
  provide you with the above information, provided
  this does not affect the rights and freedoms of
  others.
  To obtain rectification of personal data or, taking into account
  the purposes of the processing of personal data, to
  have incomplete personal data completed (right to rectification)
  This applies if the information we hold is incomplete or inaccurate.
  To obtain the erasure of your data (right ‘to be forgotten’)
  This applies if: 
• the information we hold is no longer
  necessary in relation to the purposes for which
  we use it;
• we process your data on the basis of your
  Rights that you have Certain restrictions
  consent and you withdraw your consent;
• we process your data on the basis of
  legitimate interests and we find that, following
  your objection, they are overridden by your private interests;
• the information was unlawfully used.
  To stop all data processing activities in respect of your
  data (except storage) 
  This right applies, temporarily while we look into
  your case, if you:
• contest the accuracy of the information;
• have objected to our processing of your
  personal data on the basis of legitimate
  interests;
• our processing of your information is unlawful
  and you oppose the erasure of the
  information;
• we no longer need the information, but you
  require it to establish a legal case.
  To obtain from the Data Controller  restriction of the processing of
  personal data if there is a legitimate ground (right to restriction of processing)
  You may opt out of our use of your personal data for direct marketing purposes.
  To object to processing of personal data
  This right means that data subject can object at any time to processing of personal data concerning
  him or her which is based for the performance of a task carried out in the public interest or for the
  purposes of the legitimate interests pursued by the controller or by a third party. The controller has to
  demonstrate compelling legitimate grounds for the processing which override the interests, rights and
  freedoms of the data subject To exercise the right to data portability
  This right may be exercised if you have provided
  your data to us and the processing is carried out by
  us by automated means and on the basis either of
  Rights that you have Certain restrictions your consent, or on the basis of discharging our
  contractual obligations to you.
  To lodge a complaint with the State Data Protection Inspectorate
  Contact us
  If you discover any inconsistency in this Privacy Notice, any security issue on
  our website, or have other questions related to the processing of your
  personal data, please contact us in a manner convenient to you using the
  contact details below:
  E-mail: info@thevpos.com
  Final provisions
  We will review this Privacy Notice at least once every two years. We will
  notify you about changes to this Privacy Notice that we consider material by
  posting a notice on the specific website. By continuing to access or use our
  content and/or services after we have posted such notice you agree to be
  bound by the new terms set out in the update.
  Approved by Order No [03-23] issued by the Managing Director on [23] [03]
  2022.
  Last reviewed [17] March 2023.