Privacy Policy
European Economic Area
Who are we?
Seif Financial Services SRL (“SeifMoney”) is an EMI agent with offices in Romania. We provide e-wallet and payment services through a licensed third party partner to the European Union.
What, Why?
It is important that you know exactly what we do with the personal information you and others make available to us, why we collect it, and what it means for you. This document outlines the approach to Data Privacy SeifMoney is taking to fulfill our obligations under the Regulation (EU) 2016/679 of the European Parliament and of the Council1, the European Union’s (‘EU’) new General Data Protection Regulation (‘GDPR), as implemented on the 25th of May 2018 and Romanian regulatory framework. Being transparent and providing accessible information to individuals about how we will use their personal data is a key element of our organization.
The collection and use of data from a variety of sources are essential to our ability to provide our payment Services in a safe manner and are helping us to reduce the risk of fraud and money laundering. If you disagree with the practices described in this privacy policy, you should take the necessary steps to remove cookies from your computer/device after leaving our website(s) and not continue to use our Services.
What Personal Data signifies?
“Personal Data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified directly or indirectly, in particular by reference to an identifier such name, an identification number, location, data, or other information that help/lead to identify that natural person.
“Special categories of personal data” means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, health data, sexual orientation, trade union membership, genetic data and biometric data.
“GDPR and the national and European additional legislation” means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, and especially Law no. 190/2018 on the measures for the application of (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
“Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes, by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
“Data Protection Impact Assessment” means the process meant to describe the processing, to evaluate the necessity of performing the processing and the proportionality of such processing and to contribute to the risk management regarding the rights and freedoms of data subjects, by evaluating them and establishing the risk mitigating measures.
“Personal Data Breach” means a breach of security leading to the accidental and unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
“Controller” means the natural or legal person, public authority, agency or other body which alone or jointly with others, determines the purposes and means of the processing of personal data.
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or distruction.
“Data Protection Officer or DPO” means the person designated by the Controller to overlook the Personal Data Processing, especially where the core activities of the controller or the person empowered by the Controller consist of processing operations which, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a large scale or the core activities of the controller consist of processing on a large scale of special categories of data and personal data relating to criminal convictions and offences/felonies.
Who is the Data Controller?
For personal data processed under this privacy policy, the data controller is:
Seif Financial Services SRL, 24 Delea Veche Street, Building A, Bucharest 024102, Romania
The personal data we would like to collect from you is:
- First Name and Surname (with title);
- Date of birth;
- Email;
- Proof of address documents;
- ID Documents;
- Other personal information such as telephone recordings; security questions, user ID;
- Address;
- Gender;
- Bank Account details;
- Telephone number;
- Transactional information; and
- CCTV footage where you visit SeifMoney offices.
Our legal basis for processing the personal data:
- receipt of your consent;
- performance of a contract where you are a party;
- legal obligations that SeifMoney is required to meet;
- national law.
- Any legitimate interests pursued by us, or third parties we use, are as follows:
- the prevention of fraud, money laundering, counter-terrorist financing, or misuse of services.
Governing Law and Jurisdiction:
This privacy policy shall be governed by and interpreted in accordance with the laws of Romania. In case a dispute have arisen between you and us concerning this Privacy Policy and /or the Payment Services, the parties agree that the dispute, controversy or request arising as a result or in relation to this Privacy Policy will be conducted exclusively by the competent courts in Bucharest, Romania.
Notice
We may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data: public interest; legal obligation (mandatory for compliance with a legal or regulatory obligation); performance of a contract to which you are a party or to take steps at your prior to entering a contract) and our legitimate interest.
Consent
By using our services you are consenting to this privacy policy and you are giving us permission to process your personal data specifically for the purposes identified above. Consent is required for SeifMoney to process personal data, but it must be explicitly given. Where we are asking you for sensitive personal data, we will always tell you why and how the information will be used.
Consent for Underaged
SeifMoney services are not available for anyone under the age of 18 years. In any case, please be aware that children need specific protection about their personal data, as they may be less aware of the risks, consequences and safeguards concerned, and of their rights in relation to the processing of personal data for the purposes of using these services.
Withdrawal of Consent Conditions
You may withdraw consent from direct marketing at any time by contacting us via support@seifmoney.com or sending a letter through the postal service to our office. Please note, where you have consented to your data being used for carrying out financial transactions, then the right to withdraw consent does not exist. As a payment services are being provided thorugh us, SeifMoney is obliged to retain data concerning financial transactions for 5 years in accordance with the laws of Romania for the purpose of keeping financial records, and of preventing, detecting, and investigating, possible money laundering or terrorist financing. In any case, a withdrawal of consent for information processing required in the process of carrying out our services will cause immediate termination of service.
Cross-Border Data Transfers & Third-Party Disclosures
In limited situations where SeifMoney stores or transfers personal information outside Romania, robust procedures and safeguarding measures apply to secure, encrypt and maintain the integrity of the data. SeifMoney will complete continual reviews of any third parties with sufficient adequacy decisions, such as the General Data Protection Regulation 2016/679 in the European Union, the Privacy Shield framework in the United States of America, and provisions for binding corporate rules, standard data protection clauses or approved codes of conduct. SeifMoney will further perform due diligence checks with all recipients of personal data to assess and verify that they have appropriate safeguards in place to protect the information. The data subject has enforceable rights and effective legal remedies;
- SeifMoney shall comply with its obligations under the data protection legislation by providing adequate protection to any personal data that is transferred (or, if it is not so bound, uses its best endeavors to assist the customer in meeting its obligations).
- SeifMoney complies with any reasonable instructions notified to it in advance with respect to the processing of personal data; and
- Upon written direction shall delete or return personal data (and any copies of it) unless SeifMoney is required by Law to retain the personal data.
Where SeifMoney is required to transfer personal data to the United States of America, SeifMoney shall only send such personal data to third-party sub-contractors that meet the minimum requirements contained under the Privacy Shield framework, or in the standard contractual clauses for the transfer of personal data to processors established in third countries under Data Protection Act 2018.
These measures may include reviewing third parties’ privacy and security standards, verifying if they have certified their compliance with the EU-U.S. Privacy Shield Framework and, where applicable, the Swiss-U.S. Privacy Shield Framework and/or entering into appropriate contracts (on the basis of the template adopted by the EU Commission and available via its homepage).
Retention Period
Under the current Romanian anti-money laundering regulatory framework, SeifMoney will process personal data for the duration of the contract for services and will store the personal data for five (5) years. Such a period may be prolonged in accordance with Romanian anti-money laundering law no. 129/2019 and the current regulation (Law 677/2001; Law 190/2018, GDPR 679/2016 Act). When we no longer need to retain your personal data, it will be deleted or anonymized.
We will retain personal data for the period necessary to fulfill the purposes outlined in this privacy policy unless a longer retention period is required or permitted by law. Please note that we have a variety of obligations to retain the data that you provide to us, including to ensure that transactions can be appropriately processed, settled, refunded, or charged back, to help identify fraud, and to comply with anti-money laundering and other laws and rules that apply to us and to our financial service providers.
Your Rights as a Data Subject
At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:
Your rights
What does this mean?
The right to be informed
You have the right to be provided with clear, transp-arent and easily understandable information about how we use your personal data, and your rights. This is why we are providing you with the information in this Privacy Policy.
The right of access
You have the right to access any personal data we hold about you (subject to certain restrictions). In exceptional circumstances we may charge a reasonable fee for providing such access but only where permitted by law (e.g. where your request is manifestly unfounded or excessive).
The right to rectification
You have the right to have your personal data rectified if it is incorrect or outdated and/or completed if it is incomplete.
The right to erasure/right to be forgotten
In some cases, you have the right to have your personal data erased or deleted. Note this is not an absolute right, as we may have legal or legitimate grounds for retaining your personal data.
The right to object to direct marketing, including profiling
You can unsubscribe or opt out of our direct marketing communication at any time. The easiest way to do this is by clicking on the “unsubscribe” link in any email or communication we send you or follow any other opt-out instructions communicated to you. Please note that if you opt-out of receiving marketing-related emails from us, we may still send you important administrative messages that are required to provide you with our Services.
The right to withdraw consent at any time for and personal data processing based on consent
You can withdraw your consent to our processing of your personal data when such processing is based on consent. Where you withdraw your consent, this does not affect the lawfulness of our processing before your withdrawal.
The right to object to processing based on legitimate interests
You may object at any time to our processing of your personal data when such processing is based on our legitimate interests.
The right not to be subject to a decision based solely on automated decision-making which produces legal effects or similarly significant effects
You may have the right not to be subject to such type of automated decision-making about you, unless: (i) you gave us your explicit consent to use your personal data to make our decision; (ii) we are allowed by law to make our decision; or (iii) our automated decision was necessary to enable us to enter into a contract with you.
The right to lodge a complaint with a supervisory authority
You have the right to contact the data protection authority of your country in order to lodge a complaint against our data protection and privacy practices. Do not hesitate to contact us at the details below before lodging any complaint with the competent data protection authority as we will always seek to resolve your complaint in the first instance.
The right to data portability
You have the right to move, copy or transfer personal data from our database to another. This only applies to personal data that you have provided, where processing is based on a contract or your consent, and the processing is carried out by automated means.
The right to restriction
This right means that our processing of your personal data is restricted, so we can store it, but not use nor process it further.It applies in the following limited circumstances set out in the EU General Data Protection Regulation:• the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data;• the processing is unlawful and you object to the erasure of your personal data and request us to restrict the ways in which we processe your personal data;• We no longer need your personal data for the purposes of its processing, but you require the personal data for the establishment, exercise or defence of legal claims;• You object to our processing of your personal data based on our legitimate interests, pending the verification whether our legitimate grounds override your rights and freedoms.
Changes to this privacy policy
We may amend this privacy policy from time to time. Any changes we may make to our privacy policy in the future will be posted on our website and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy.
Complaints
In the event that you wish to lodge a complaint with the respect to the mechanism for processing Personal Data by the Controller, when you consider your personal rights with the respect to Personal Data are infringed, you have the right to lodge a complaint directly to SeifMoney, by email. If you are not satisfied with your complaint handling by SeifMoney, the complaint shall be filled with the National Supevisory Authorithy for Personal Data Processing by email to anspdcp@dataprotection.ro/dpo@dataprotection.ro or by vising https://www.dataprotection.ro/?page=Plangeri_RGPD