Data Privacy
Effective as of 16th March 2022.
This Data Privacy Notice (“Privacy Notice”) explains how We process the personal data (“Personal Data”) that We collect when You use our services as a customer, visit and/or use our website accessible through: www.epayworldwide.gr (‘’Website’’), or otherwise interact with Us. In this Privacy Notice, We also specify how Your information could be potentially shared with third parties and the privacy policies we have in place to protect your Personal Data.
References to ‘’We’’, ‘’Us’’, ‘’Our(s)’’ or ‘’epay’’ shall refer to Euronet Merchant Services Payment Institution Single Member S.A., and references to ‘’You’’ or ‘’Your(s)’’ shall refer to any user of the Website.
The following information (Overview) represents a first approach on the types of Personal Data We will process to provide You with Our Service and to comply with all Our legal and contractual obligations. You can access additional information below (Detailed information).
Overview
Who are we?
We are Euronet Merchant Services Payment Institution Single Member S.A., authorised as a Payment Institution by the Bank of Greece under Law 4537/2018, doing business as ‘’epay’’, and we are a global brand, part of the Euronet Worldwide Inc. group (“Euronet Group”).
You can find all our contact details here.
What type of data is collected?
We collect only the data we need to by law and/or local regulation and to provide our Services. This includes:
- Identification data
- Financial details
- Transactional data
We will never collect more data than what is strictly necessary.
Why do we collect data?
We collect Personal Data for specific contractual and legal purposes. The Personal Data also serves to enhance the user experience in Our Website.
How long does epay collect data for?
We will keep Personal Data for as long as needed, as required by law and/or local regulation.
Occasionally, legal requirements may translate into a longer retention period, but will be deleted once the requirements are fulfilled.
With whom do we share customer data?
We share customer Personal Data with other companies within the Euronet Group, local authorities, and partners to meet Our regulatory and contractual obligations.
Where does epay keep your Personal Data?
We store customer Personal Data in secure locations with strict security measures in place.
If We need to transfer customer Personal Data to other countries, We will take all necessary measures to comply with legal obligations and ensure a proper level of security.
What are your rights?
You are the owner of Your Personal Data and have a legal right to exercise control over it. You may exercise any of Your rights at any time by sending an email to dpo@euronetworldwide.com:
- Access to and an electronic copy of Your Personal Data
- Correction of Your Personal Data
- Deletion of Your Personal Data (where permitted by law)
- Restriction of processing of your Personal Data
Detailed information
1. Who are we
For any processing of Personal Data carried out when You use any of Our services or visit this Website, the Controller is Euronet Merchant Services Payment Institution S.A., authorised as a Payment Institution by the Bank of Greece under Law 4537/2018, which operates under the brand name of epay, with corporate registration address at 1, Sachtouri & Poseidonos Ave, 17674, Kallithea, Attica, Greece.
To contact the Euronet Group Privacy Office, You can send an email at dpo@euronetworwilde.com.
We encourage You to review and check the Privacy Notice regularly for any updates. We will publish the updated version on the Website and by continuing to deal with Us, You accept this Privacy Notice as it applies from time to time.
2. What Personal Data we collect, how we collect it and why?
Identification data
This include name, title, residential and/or business address, email, telephone and/or fax numbers and other contact data, date of birth, gender, images, signature, passport/visa details, voice recording, official credentials, and its image capture. We may also collect data obtained from third parties, such as those collected in the context of a credit worthiness check.
| The reason to process Your Personal Data | Legal basis for using your Personal Data |
| Supply of services and products. | • Pre-Contractual and Contractual obligation |
| Newsletter and marketing purposes | • Consent |
| Market research & consumer feedback: Any information that Our customers voluntarily share with Us about their experience of using Our products and services. | • Legitimate interest • Consent |
| Customer service: We will monitor and record (via automated means or transcripts) Our telephone calls, emails and chat conversations with Our customers. We will use transcripts of these calls to confirm instructions You provide Us. | • Contractual obligation • Legitimate interest |
| Managing Our customers’ accounts (registration and administration) | • Pre-contractual/Contractual obligation |
| Requesting access to tools and information: Our customers may wish to have access to certain tools and information made available on the Website, before or after deciding that they would like to register to use Our services. | • Pre-contractual/ Contractual obligation |
| Participation in events and giveaways: Our customers may wish to take part in events organized by Us or in a specific giveaway. | • Consent • Contractual obligation |
| Credit worthiness check. We will use Your identification data and economic data you have provided Us to do a credit worthiness check in order to provide You with Our services/products according to Your economical capacity. | • Legitimate interest |
| Login credentials to connect with any of Our platforms | • Contractual obligation |
| Protection of Our legal rights and comply with Our legal obligations | • Legal obligation |
| Correspondence including e-mails, faxes, online form and any kind of electronic communication, together with any records of their account. We also keep customer service letters and other communications between Us and any company within Our group as well as Our partners and suppliers | • Legitimate interest • Contractual obligation |
Financial details
We collect Your personal financial data when You become a customer. We may collect financial data such as bank account information, financial statements, transfer reason, historical transactions, information related to any transaction process by Us, occupation, terminal ID, or other documentation to demonstrate the source of funds You wish to transfer (this is similar to salary receipts), in order to provide You with Our services.
| The reason to process your personal data | Legal basis for using your Personal Data |
| Supply of Services | • Contractual obligation |
| Anti-Money laundering | • Legal obligation |
| Anti-Terrorist Financing and Criminal activity | • Legal obligation |
| Managing Your profile | • Contractual obligation |
| Legal profiling for credit reports | • Legitimate interest |
| Protection of Our legal rights and compliance with Our legal obligations | • Legal obligation |
Non-identifiable data
Whenever possible, We use data through which You cannot be directly identified (such as anonymous demographic and usage data) rather than Personal Data. This non-identifiable data may be used to improve Our internal processes or delivery of services, without further notice to You.
We may use aggregate data for a variety of purposes, including but not limited to evaluation and improvement of the services and analyze traffic to Our services.
Legitimate interest
When We use customer Personal Data to pursue Our legitimate interests, We will make every effort to match Our interests with Yours so that Your Personal Data will only be used as permitted by relevant law, or when it will not adversely affect Your rights. Upon request, You may request information on any processing based on legitimate interest.
3. How long does epay keep Personal Data for?
Personal data is used for a variety of purposes and is governed by a variety of rules and regulations. It is kept for as long as it is necessary to provide customers with the services they have requested and to comply with applicable legal, accounting, or reporting obligations. For example:
- Legal and Regulatory Requirements: Certain laws and regulations compel Us to retain Your Personal Data for specific periods. After those obligations have been fulfilled, Your Personal Data will be deleted or anonymized.
- Customer Service (administration of customer relationship, complaint handling, etc.): We may continue to process and store Your Personal Data to maintain a business relationship with You.
- Marketing: In many countries, with Your consent, We will continue processing Your Personal Data for marketing purposes as long as You haven’t asked Us to opt-out, according to section 8 of this Privacy Notice.
- Contractual obligation: We will keep Personal Data for the duration of the contractual agreement. Customers can contact Our Euronet Group Data Protection Officer to obtain a copy of Our Retention Policy, which may vary according to the applicable law, and the specific business necessity depending on the country.
4. Does epay share my Personal Data with third parties?
Euronet Group:
| • We may share customer’s Personal Data with Euronet and Euronet Group affiliates for compliance with group obligations and for the proper functionality of our Services | • Legal obligation |
| • As a result of any corporate transformation involving epay. • We may share Your Personal Data with different companies within Euronet Group to provide You with Customer Service assistance, and to complete any transaction or provide any service or product You have requested or authorized. | • Contractual obligation |
Third party service providers and bank entities:
| • We share Personal Data with third-party service providers to manage, enable or facilitate certain aspects of Our services. • For compliance verifications and fraud prevention by third party service providers. | • Legal obligation |
| • Communications, infrastructure and fulfillment providers including services and systems to enable the processing of the transaction. • To maintain the required level of performance of Our services. | • Contractual obligation |
| • For data analysis for marketing, operational improvement and enhancement of Our compliance and antifraud systems. | • Legitimate interest • Legal obligation |
| • To promote Our services. • To personalize the placed advertisement in digital services and adapt to consumer preferences. | • Consent |
Legal and regulatory:
| • We need to disclose Your Personal Data to the authorities. We may also disclose Personal Data to the authorities when disclosure is necessary to identify, contact, or bring legal action against someone who may be causing injury or interfering with the rights or property of Epay, the service, or to any of Our customers. | • Legal obligation |
Credit Worthiness
This Section (‘’Credit worthiness’’) shall apply only in case You have applied or contracted with Us for the provision of merchant acquiring services to You.
Bank Information Systems S.A. (trade name: Tiresias S.A.), with an address at 2, Alamanas Street, 151 25 Marousi, Athens, Greece (‘’Tiresias’’):
For the purpose of assessing and/or re-evaluating the underlying transaction/credit risk in the context of the potential transaction or current contract between You and Us, whether that is for a fixed or indefinite period, for as long as such relationship exists, at Our discretion, we will access and conduct searches of Tiresias’ TSEK system (‘’Risk Control Record’’ or ‘’TSEK System’’) which contains Your Personal Data and other information listed below,. Further, in accordance with decision 186/2014 of the Hellenic Data Protection Authority (‘HDPA’), We act as the Processor on behalf of Tiresias, who is the Controller, for the purpose of informing You of the collection and processing of Your Personal Data and the exercise of Your associated rights. In particular:
| The reason to process your personal data | Legal basis for using your Personal Data |
| Ensuring commercial loyalty, reliability and security of transactions and the exercise of the rights of economic freedom and freedom of information by enabling Us to assess or re-evaluate the solvency of its counterparties and in particular the transaction credit risk undertaken in the course of business undertaken. | • Legitimate interest |
We will have access to the following categories of Personal Data maintained by Tiresias:
- Uncovered checks;
- Unpaid, upon maturity, bills of exchange and promissory notes;
- Applications for bankruptcy – Decisions rejecting applications for bankruptcy because of the lack of sufficient assets of the debtor;
- Conciliation/resolution requests and decisions (Article 99 et seq. of the Bankruptcy Code);
- Declared bankruptcies;
- Payment Orders and Orders for the surrender of leaseholds,
- Auctions of real estate and movable property;
- Mortgages, conversion of prenotations of mortgage to mortgages and mortgage prenotations;
- Seizures of real estate and checks based on N.D. 17.7/13.8.1923;
- Petitions and decisions for judicial settlement of debts of Law 3869/2010;
- Company data from the Official Government Gazette and the General Commercial Register.
The data extracted from Tiresias shall be destroyed after the end of the transaction in connection with which it was extracted. We also keep a record of all written notifications we provide for and on behalf of Tiresias. Such record of notifications will be passed on to Tiresias. However, in order to comply with our legal obligations, such record of notifications of data subjects kept by Us on behalf of Tiresias, will be kept for 5 years from the end of the transaction/contract under which it was acquired.
You have the right of access, correction, deletion, restriction of processing, opposition, complaint to the HDPA and non-transmission, in accordance with the applicable legislation on the protection of personal data, and You may exercise these rights in writing (and by electronic means) at www.tiresias.gr
Tiresias has the right, as applicable in each case, to refuse Your request if the processing or the maintenance of a record of the data is necessary according to the law or if there is an overriding legitimate interest of Tiresias or its authorized recipient, or for the purpose of establishing, exercising or upholding its legal rights or fulfilling its obligations. However, in any case, if You so wish, Tiresias may stop transmitting Your data to all the companies-recipients of the TSEK System, and shall transmit thereafter a relevant indication (transmission ban), which will not apply to Official Government Gazette and General Commercial Register data (such data will continue to be transmitted), and will be assessed by each recipient at its discretion. In case You exercise the right not to transmit to Us, or You object to access by Us to the TSEK System, We are directly obliged to stop access to Your data and inform Tiresias accordingly. In case You exercise the right to limit processing, Tiresias temporarily ceases to transmit the data and in its place it transmits the indication “Has exerted a restriction of processing for the data”, an indication that is assessed freely by the recipients. You may freely revoke Your request for non-transmission or restricted processing at any time by a relevant submission only to Tiresias. The exercise of these rights shall be effective for the future and shall not concern data processing already carried out.
For any additional information regarding the processing made by Tiresias, You can visit the Tiresias website at www.tiresias.gr
ICAP CRIF S.A., with an address at 2, El. Venizelou Ave., Kallithea, 17676, Athens, Greece (‘’ICAP’’):
For the purpose of assessing and/or re-evaluating the underlying transaction/credit risk in the context of the potential transaction or current contract between You and Us, whether that is for a fixed or indefinite period, for as long as this relationship exists, at Our discretion, we will access and conduct searches of ICAP’s system which contains Your Personal Data and other information.
| The reason to process your personal data | Legal basis for using your Personal Data |
| Ensuring commercial loyalty, reliability and security of transactions and the exercise of the rights of economic freedom and freedom of information by enabling Us to assess or re-evaluate the solvency of its counterparties and in particular the transaction credit risk undertaken in the course of business undertaken. | • Legitimate interest |
5. Does epay save correspondence that the customer sends?
Yes. We keep any correspondence customers send Us, including e-mails and faxes, together with any records of their account. We also keep customer service letters and other communications between Us and any company within Our group as well as Our partners and suppliers. These records will be kept in accordance with our Retention Policy. For additional information contact Us at dpo@euronetworwilde.com.
6. Data Security
We are committed to protecting customer Personal Data and have put in place safeguards to prevent any loss, abuse, and alteration of the information You have entrusted Us with. At epay, We will always strive to ensure Your Personal Data is well protected. We maintain this commitment to data security by implementing appropriate physical, electronic and managerial measures to safeguard and secure Your personal information.
To safeguard Our systems from illegal access, We use secure, sophisticated, and cutting-edge physical and organizational security measures which are continually enhanced to ensure the highest level of security. All Personal Data is kept in a secure location protected by firewalls and other sophisticated security mechanisms with limited administrative access.
All Our personnel who have access (or are linked to) to the processing of Your Personal Data is contractually bound to keep customer data private and adhere to the privacy rules We have implemented in Our organization.
While We aim to achieve the highest standard of data protection by adopting industry-standard measures to protect Your privacy, no security system is completely flawless or impenetrable. As a result, We cannot (and do not) guarantee that Personal Data is completely secure.
7. Profiling and automated decisions-making
In some cases, We use automated decision-making and profiling, if it is authorized by legislation, and necessary for the performance of a contract. For example, the automated authorization for remittance services. The legal basis to proceed with the profiling and the automated decision-making is legitimate interest.
8. Marketing and Advertising
If You have given Us Your express consent, We may contact You from time to time (by email, SMS text, letter, or phone as necessary and according to your specific instructions) to provide targeted marketing about our services. You can withdraw Your consent at any time by sending an email to dpo@euronetworwilde.com or following the instructions in the marketing email We have sent You.
9. Use of pixels in Marketing emails
We may use pixels in Our marketing emails to tell Us whether, and how many times, Our emails are opened and to verify any clicks through to links or advertisements within the email. Uses of this information may include:
- Learning which of Our email’s users found more interesting.
- Determining users’ activity and engagement with Our products and services.
- Informing Our advertisers (in aggregate) how many users have clicked on the adverts.
- Which region Our audience is located in.
10. What are Your rights?
Customers may seek to access, update, modify or erase their Personal Data. Depending on Your country, You might have different rights. However, regardless your country, You can exercise the following rights, at any time:
- Request access to any Personal Data by submitting a relevant request (“Subject Access Request”). While exercising Your access right, You can ask Us about all the Personal Data We hold about You, the processing activities We carry on with Your Personal Data, the recipients of Your Personal Data, the different categories of Personal Data, how long We process Your Personal Data, and the existence of any automated decision regarding Your Personal Data.
- Request correction of any inaccurate Personal Data We might hold about You. If You have changed Your email address, or You see there is a misspelling error on any of Your Personal Data, You can exercise Your right of modification.
- Request to delete any Personal Data We hold about You. If You no longer want to receive any news from Us, or You do not want to keep using any of Our services, You can ask Us to delete any of Your Personal Data We hold. Please note, We might hold on to Your Personal Data to fulfill any of Our legal obligations. However, Your Personal Data will not be used for any other purposes.
You also have the right to file a complaint with a competent data protection authority or competent court if You feel We have failed to comply with Our duties under this Privacy Notice or the applicable law. We encourage customers to notify Us of any complaints that they may have, even if it is not required, and We will respond in accordance with our Complaints Procedure. You may find the below resources useful:
- Europe (EEA): Members | European Data Protection Board (europa.eu)
- Hellenic Data Protection Authority (dpa.gr)
We will respond to Your request as soon as possible and always within the timeframe stated in the applicable law.
For applicable rights, and to determine the exact amount of time within which We must respond to Your request, please refer to the specific residents´ section below.
To exercise any of Your rights, You must send an email to dpo@euronetworwilde.com. To help protect Your privacy and maintain security, We will take steps to verify Your identity and/or may ask You to provide other details before granting You access or modifying any Personal Data. Unfortunately, if We don’t a have a copy of Your ID or any legal valid document that proves Your identity, We will not be able to answer Your request.
Epay reserves the right to amend this Privacy Notice at any time and will place notice of such amendments on the Website or via any other mode epay finds suitable.