MaxPay

MaxPay’s Privacy Policy establishes the terms under which the Institution processes its customers’ data and the rights that they can exercise.

1. Introduction

This Privacy Policy establishes the terms under which Maxpay – Instituição de Pagamento Lda (hereinafter “Maxpay”) processes its customers’ data and the rights that they can exercise.

Maxpay adopts appropriate measures to ensure the protection of its Customers’ personal data, in compliance with applicable legislation, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data or the General Data Protection Regulation («GDPR»).

We recommend that you review our Privacy Policy to ensure you understand how your personal data is handled.

2. Personal data and processing of personal data

Personal data is any information relating to an identified or identifiable natural person, directly or indirectly, such as, among others, their name, civil or tax identification number, location data, or other elements specific to their physical, physiological, genetic, mental, economic, cultural, or social identity. The processing of personal data is any operation performed, by automated or non-automated means, on such data – collection, recording, alteration, consultation, use, transmission, and destruction.

3. Data controller

The processing of personal data will be carried out by Maxpay – Payment Institution Lda., with registered office at the Atrium Saldanha Building, Praça Duque de Saldanha, Nº1 – 4ºG-b, 1050-094 Lisbon, registered at the Lisbon Commercial Registry Office with the unique registration and legal entity number 513 050 078.

For questions related to the processing of your personal data, you should contact our Data Protection Officer through the following means:

Data Protection Officer: proteção.dados@maxpay.com.pt

4. How do we collect your data?

Maxpay collects personal data as part of the commercial relationship established with the customer, namely when that relationship begins with the creation of the customer file.

When collecting and processing data, Maxpay complies with applicable legal obligations and observes the processing principles and rules, requesting the customer’s consent when necessary to process data.

5. Data processing principles

a) Lawfulness, proportionality, and transparency:
Lawfulness – data is processed only in situations provided for by law, namely when:

• _ The data subject has given his/her consent for one or more specific purposes;
• _ The processing is necessary for the execution of a contract or for pre-contractual steps;
• _ The processing is necessary for compliance with a legal obligation to which the controller is subject;
• _ The processing is necessary to defend the vital interests of the data subject or another natural person;
• _ The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
• _ The processing is necessary for the purposes of the legitimate interests pursued by the controller or by third parties, except where the rights, freedoms and guarantees of the data subject prevail.

Proportionality – data is processed in accordance with necessary, appropriate and relevant purposes.

Transparency – the information provided to the data subject will be clear, concise, intelligible and easily accessible.

b) Purpose limitation:
Maxpay ensures that the processing of personal data is limited to the legitimate purposes for which it was collected.

c) Data minimization and accuracy:
The personal data processed are adequate, relevant, and limited to what is strictly necessary to fulfill the purposes of the processing.

d) Limitation of data retention:
Personal data is retained in accordance with the provisions of point 9.

e) Integrity and confidentiality, availability and resilience:
Personal data is processed in a manner that guarantees its security, including protection against unauthorized processing and against accidental loss, destruction, or damage.

6. For what purposes are your personal data used?

Maxpay uses your personal data to:

• ⎯ Carry out any transfer operation to and from abroad or purchase and sale of foreign currency at your request;
• ⎯ Comply with the obligations provided for in applicable legislation;
• ⎯ Communicate promotional and advertising campaigns.

7. To which entities your data is communicated

Maxpay may use third parties—subcontractors—to provide certain services, which may involve these third parties accessing its customers’ personal data. Maxpay ensures that these subcontractors meet applicable legal requirements and offer appropriate data protection guarantees. In any case, these third parties will only access data strictly necessary for the pursuit of Maxpay’s business, specifically for the provision of the services provided to customers.

8. What are your rights as a data subject?

1. Right of access – provision of information about the personal data that Caixa holds regarding the data subject and about their respective processing;
2. Right to rectification – correction, updating or inclusion of information (which may be missing) relating to the data subject;
3. Right to erasure of data (“right to be forgotten”) – erasure of data, provided that the legal requirements for this purpose are met (no active contracts, the legal data retention period to which Caixa is obliged has expired);
4. Right to limit processing – suspension/cessation (temporary) of data processing, in compliance with applicable legal requirements;
5. Right to portability – provision of personal data provided by the customer, in a structured format for current use and automatic reading, so that they can be transmitted to another data controller;
6. Right to object – revocation of consent for data processing(s) carried out based on this basis.

9. Data retention periods

The personal data collected and processed by Maxpay will be kept during the execution of the contract or, for a longer period, after its termination, for the limitation or expiry periods relating to the rights arising therefrom, by virtue of a legal or contractual obligation or for the defense or exercise of rights within the scope of possible legal actions.

10. How can the customer exercise their rights and access information about personal data management?

Maxpay ensures customers can exercise their rights of access, portability, rectification, opposition, erasure and limitation of processing, within the legally imposed limits.

Customers may exercise the aforementioned rights by sending written communication to the attention of the data protection officer at the email address proteção.dados@maxpay.com.pt.

11. Security Measures

Maxpay guarantees high levels of security and protection for data subjects’ personal data. To this end, it adopts several technical and organizational security measures to protect personal data against loss, disclosure, alteration, unauthorized processing or access, as well as any other form of unlawful processing.