When using our website www.paspx.com and/or subscribing to our services you are subjected to acquisition of personal and corporate information.
What personal data we collect and why
In order to offer you PASPX’s services we need your name, address, national ID number, in some cases you company registration number as well as tax information, financial statements and other relevant documents for the purpose of identification, f.ex. passport, company charter, ultimate business owners and more.
PASPX also requires you to provide information about the extent of your expected business with PASPX.
Providing of information is voluntary; however, if you choose not to provide the required information we may be unable to extend our services.
PASPX collects and processes non-sensitive personal information about you. If you yourself send us information containing sensitive personal information – f.ex. information by mail, personal financial information, health data, membership of a certain political party or union, we consider your action an accept for PASPX to store the information. PASPX will not use this information in any other way other than is appropriate and relative to the service offering.
The collection of information by PASPX is done to underpin and support the offering of our product suite including payments, client service, e-merchant acquiring services, card issuance services, internal risk management, marketing and the fulfilment of regulatory and legal legislation.
If you are using our card offerings, OPAS (Online PASPX) or payment services in general, PASPX will collect information from you, the stores, banks and other institutions. This is done to make sure we can execute payments, create account statements, payment overviews and the likes.
If you are a Danish citizen, we will collect information about you from the Central Danish Persons Register and other publicly available sources and registers. If you are a non-Danish citizen, we will collect information about you from publicly available sources and registers.
When conducting a credit evaluation, we will collect information regarding payments history from credit bureaus and other publicly available sources and registers. We will update the information continuously as requested nu law.
We maintain a register of the communication with you and we may record certain phone conversations, f.ex. when handling complaints. You will be duly cautioned before we do.
According to the Anti Money Laundering and Counter Terrorist Financing laws PASPX is obligated to investigate the background and reason behind all complex and unusual transactions and activities and keep a record of these investigations.
PASPX exchanges information with SØIK (the Danish State Prosecutor for Serious Economic and International Crime) as required by the Anti Money Laundering and Counter Terrorist Financing legislation.
Further to the above we receive information about you from our partners (amongst other correspondent banks and other financial institutions) upon your explicit consent or if required by law for meeting our regulatory and legal obligations.
We store your information for as long as necessary and only in relation to the original purposes of the data collection.
According to the Anti Money Laundering and Counter Terrorist Financing legislation PASPX stores your information, documents and other relevant registrations for a period of minimum 5 years after the termination of the business relationship or the conclusion of a single transaction.
PASPX stores the information provided for establishing a client relationship for up to 2 years – even if the client relationship never materialised. This is done to prevent fraud.
The legal basis and purpose for using your personal data
The legal foundation for the processing of information by PASPX is the financial regulation and other legislation; mainly
- The Anti Money Laundering and Counter Terrorist Financing legislation
- Tax control legislation
- Bookkeeping legislation
- Payment legislation
- Data Protection legislation
Additionally PASPX will process any and all information required when you, the client contemplates entering into a client relationship with PASPX and/or you have already done so and/or if you have given your consent as per the Data Protection Act article 6, point 1, litra 1 and/or as per the Data Protection Act article 6, point 1 or article 9 as applicable.
PASPX will process your information to pursue a legitimate obligationfor PASPX. This could be for the prevention of fraud and subsequent loss of money, and/or to enhance IT- and payment- security.
With whom do we share your data
PASPX will share the information requiredto service you. E.g. if you instructed us to conduct a transfer, we will share the information necessary to identify you and fulfill the transaction.
Your personal data will be shared with the government authorities to the extend required according to legislation such as the anti money laundering and counter terrorist financing laws and the Tax Control Act.
Your personal data may be shared with external partners only if you have submitted your express consent or required by law.
If you default on your obligations to PASPX, we may report you to credit bureaus according to applicable legislation.
In connection to IT, hosting and support, personal data is transferred to data processors in other EU countries. We use standard contracts approved by the EU commission or the Danish Data Protection Agency to ensure that your rights and level of protection arenot compromised.
Subject to applicable Data Protection legislation we may share your personal data with:
- Sub-contractors and other persons who help us deliver products and services
- Companies and other persons providing services to us
- Our legal and other professional advisors, including our auditors
- Fraud prevention agencies, credit reference agencies, and debt collection agencies at account opening and periodically during account or service management
- Other organisations who use shared databases to validate card purchases and information in relation to the risk management of PASPX
- Law enforcement bodies
- Government bodies and agencies in Denmark and abroad (f.ex. SKAT who may in turn share it with the relevant overseas tax authorities and with regulators f.ex. SØIK)
- Courts, to comply with legal requirements, and the administration of justice
- The Financial Services Ombudsman
- In an emergency or to otherwise protect your vital interests
- To protect the security or integrity of PASPX business operations
- To other parties connected with your account (f.ex. guarantors) joint account holders will see your transactions
- When we restructure or sell our business or its assets or do a merger or re-organisation
- Market research organisations who help to improve our products or services
- Payment systems (f.ex. VISA) if we issue cards linked to your account; they may transfer your personal data overseas; this is necessary to operate your account and for regulatory purposes
- Anyone else if we have your consent or if it is required by law.
PASPX confidentiality and your free information access rights
Rules of confidentiality apply to PASPX employees and thus prohibits sharing of your information through their position at PASPX.
You can gain insight into which of your personal data PASPX is processing, where it is collected and how we use it. You may also gain insight into for how long we retain that information and who receives information about you.
However, your free access to information may be restricted by law concerning information submitted to government bodies under the ANti Money Laundering and Counter Terrorist Financing Acts. In such cases PASPX is not at liberty to disclose any information.
Your access may however be restricted by legislation. We can not inform you if we noted information and in that case which, in connection with investigations we are obliged to perform due to the anti money laundering and counter terrorist financing legislation. We may not inform you if we notify SØIK or which information we hand over to SØIK by assumption of money laundering or terror financing.
There may also be restrictions due to the protection of other peoples privacy and due to PASPX’ business practices such as our know-how, trade secrets, internal assessments and content otherwise except from your right to insight.
Rights in relation to automated decisions
PASPX may perform automatic evaluations of your personal data. E.g. to analyse your preferences, create a profile or due to legal requirements.
These automatic evaluations will be few and far between and you will be informed beforehand if your data will be used.
The right to have your data corrected or erased
If the personal data PASPX has on file is incorrect, incomplete or irrelevant, you may demand the data to be corrected or erased within the applicable legal restrictions.
In case we shared incorrect information with a third party, we will make sure to correct the mistake.
The right to restrict processing
If you object to the veracity of personal data on file with PASPX or if you object to the usage of your data, you may demand that the processing of this data is restricted to only being stored. The data will then be restricted to only being stored until the issues are assessed.
You have the right to delete personal data on file with PASPX, you have the choice to request your data to be restricted to only being stored.
The right to withdraw your consent
Your consent for PASPX to use your data for various purposes may be revoked by you at any time. The revocation must be submitted in writing.
The right to data portability
You have the right to request for a copy of your personal data, delivered by PASPX A/S in an electronic format of our choice.
Data usage complaints
You have the right to complain either directly to our Data Responsible Officer at email@example.com or to the Danish Data Protection Agency DPA at firstname.lastname@example.org.
Company Reg. No. (DK)31778964