This Privacy Policy ("Policy") regulates and applies to all personal information held by PayToPlay OU (herein after the Company) as the controller of Customer's personal data and goes into detail on how the data are processed, including the measures taken to ensure that Customers' data is safe and secure. The terms of this Policy will apply to all personal information provided to the Company, and will continue to apply for as long as the Company hold Customers' personal data in terms of the applicable law. The Company is compliant with the applicable Estonian and International laws for the Prevention of Money Laundering and Terrorist Financing, GDPR as well as other data protection legislation applicable in Estonia. For the purposes of this Policy, personal data shall mean any information relating to Customer, which identifies or may identify a Customer and includes the following categories:
The Customer understands that the Company will not be able to provide the Services to Customer if he/she refuses to provide the Company information according to the Company’s KYC/AML requirements for verification of identity and ongoing monitoring of activity. In some cases, the Company may require additional details and documents for KYC and AML/CTF purposes.
The Company shall use and process the Customer’s personal data for the following purposes:
Except for the Company that collects, stores and processes Customers’ personal data, the following third parties acting on Company’s behalf (“Service Provider”), may collect, process and store personal data provided by the Customer:
According to the GDPR any Service Provider that processes the Customers’ personal data is obliged to:
The Company has a regulatory obligation to supervise and effectively oversee the outsourced functions and to act appropriately when it determines that the Service Provider is not performing the said functions effectively and in accordance with the applicable legislation.
The Company may use or disclose personal information without Customer’s consent only in certain circumstances:
When the Company is required or permitted to disclose information without consent, Company will not disclose more information than necessary to fulfil the disclosure purpose.
Customer has the following rights:
The Company must provide a copy of the information free of charge. However, the Company can charge a “reasonable fee” when a request is unfounded or excessive, particularly if it is repetitive.
As a general rule, the Customer data is processed within the European Union/European Economic Area (EU/EEA), but in some cases it is transferred to and processed in countries outside the EU/EEA.
If the processing and the storage of personal data provided by the Customer shall be provided in any jurisdiction within the European Union or outside of the European Union, the Company confirms this shall be done in accordance with applicable laws.
The Company has implemented necessary security measures to comply with acknowledged international security standards.
As soon as the Company receives the Customer's information, the Company implements strict security measures and procedures to avoid unauthorized access from any third party.
The Company undertakes appropriate technical, organizational and administrative security measures to protect any information it holds in its records from loss, misuse, and unauthorized access, disclosure, alteration and destruction. However, the Company cannot guarantee complete security of Customer’s data. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of Customer information at any time.
Customers must prevent unauthorized access to Customer’s profile and personal information by selecting and protecting Customer’s password appropriately and limiting access to Customer’s computer or device and browser by signing off after the Customer finished accessing Customer’s account.
Transmission of information via regular email exchange is not always completely secure. The Company however exercises all possible actions to protect Customers’ personal data, yet it cannot guarantee the security of Customer data that is transmitted via email; any transmission is at the Customers’ own risk. Once the Company has received the Customer information it will use procedures and security features in an attempt to prevent unauthorized access.
When Customers contact the Company, a person may be requested to provide some additional personal data, like their name or email address. Such data will be used to respond to their query and verify their identity. Emails are stored on Company’s standard internal contact systems which are secure and cannot be accessed by unauthorized external parties.
The Company reserves the right to modify or amend this Privacy Statement unilaterally at any time in accordance with this provision.
If any changes are made to this privacy statement, the Company shall notify the Customer accordingly. The revision date shown on at the end of this page will also be amended. The Company does however encourage the Customer to review this privacy statement occasionally so as to always be informed about how the Company is processing and protecting Customer’s personal information.
Company’s website uses small files known as cookies to enhance its functionality and improve Customer’s experience.
A cookie is a small text file that is stored on a Customer's computer for record-keeping purposes. Company uses cookies on the Platform(s). The Company links the information it stores in cookies to any personally identifiable information Customer submits while on the Platform. The Company uses both session ID cookies and persistent cookies. A session ID cookie does not expire when Customer closes his browser. A persistent cookie remains on Customer’s hard drive for an extended period of time. Customer can remove persistent cookies by following directions provided in Customer’s Internet browser's “help" file.
Company sets persistent cookies for statistical purposes. Persistent cookies also enable the Company to track and target the location and interests of our Customers and to enhance the experience of Company’s services on the Platform.
If Customer rejects cookies, Customer may still use the Platform.
The Company will monitor on a regular basis the effectiveness of this Policy and, in particular, the execution quality of the procedures explained in the Policy and, where appropriate, it reserves the right to correct any deficiencies.
In addition, the Company will review the Policy at least annually. A review will also be carried out whenever a material change occurs that affects the ability of the Company to continue to the best possible result for the execution of its Customer Orders on a consistent basis using the venues included in this Policy.
The Company will inform its Customers of any material change to this Policy by posting an updated version of this Policy on its Website(s).
If the Customer has a concern about the way the Company handles its personal information, the Customer has a right to lodge a complaint. For further information, please contact our Data Protection Officer at: [email protected].
Company - PayToPlay OÜ, registered in Estonia with registration number: 14740025.
Website Platform - a website that is operated by the Company and available at https://paytoplay.ee.
Privacy Policy -This document
Customer - a legal entity that has read and agreed to the Terms of use of PayToPlay OU and uses services of the Company provided through the Website Platforms.
GDPR - the General Data Protection Regulation (EU) 2016/679.
KYC or Due Diligence - documents that are requested by PayToPlay OU from the Customers in order to identify the Customer and comply with applicable laws.
Last update: June 01, 2023
PayToPlay OU
Pärnu mnt 139C, office 210, Tallinn, Estonia, 11317
Last update: June 01, 2023
This Anti-Money Laundering and Know Your Customer Policy (hereinafter - the “AML/KYC Policy”) is designated to prevent and mitigate risks of Paytoplay OU related to money laundering and associated risks. This is a short extract of key principles of the internal Policy and should not be seen as a complete document. You can request the full document by contacting customer support of the Company.
Domestic and international regulations require Paytoplay OU to implement effective internal procedures and mechanisms to prevent money laundering, terrorist financing, drug and human trafficking, proliferation of weapons of mass destruction, corruption and bribery and to take action in case of any form of suspicious activity from its Customers.
AML/KYC Policy covers the following matters:
Before the company can execute any transaction for any new Customer, a number of procedures need to be in place and carried out:
Whenever the company receives supporting documents related to a new Customer’s identity, it needs to be completely satisfied that they demonstrate the existence of the new Customer as a real natural or legal person and that they are indeed whom they say they are. Although the company will at times rely on third party sources as part of its fact checking procedure when on boarding Customers, the company bears ultimate legal responsibility for the correct and full performance of the necessary checks under the present policy and applicable Law.
Customer’s identification information will be collected, stored, shared and protected strictly in accordance with the company’s Privacy Policy and related regulations that correspond to the GDPR requirements and its internal rules.Upon implementing DD measures the following person shall be identified:
The Client shall be identified for the first time, i.e. before establishing a Business Relationship, electronically on the Website.
Electronic identification shall take place on the Website using the following sources
AMLCO is ultimately responsible for implementing the regulations concerning AML. For the sake of ease of navigation in this document ‘compliance officer’ and ‘AMLCO’ refer to the same person; however, the specific tasks of each role are different.
As noted above, the AMLCO is a person of authority with access to any and all relevant information for the completion of his duties.
You can contact our AMLCO department by emailing us at: [email protected].
Compliance with the AML legislation shall be inspected at least once a year by the AMLRO.
If the inspection reveals any deficiencies in the Policy or their implementation, the report shall set out measures to be applied to remedy the deficiencies, as well as the respective time schedule and the time of a follow-up inspection.
If a follow-up inspection is carried out, the results of the follow-up inspection shall be added to the inspection report, which shall state the list of measures to remedy any deficiencies discovered in the course of the follow-up inspection, and the time actually spent on remedying the same.
The inspection report shall be presented to the Management Board, who shall decide on taking measures to remedy any deficiencies discovered.
The Company shall ensure that Client and Transaction data are registered in the Company’s Client database within the required scope.
Registration of data of a Client that is a legal person
The following information concerning a Client that is a legal person shall be recorded:
The Company is required to implement the applicable International Sanctions.
The Company is prohibited from transacting with individuals, companies and countries that are under international sanctions.
The Company shall draw special attention to all its Clients (present and new), to the activities of the Clients and to the facts which refer to the possibility that the Client is a subject of International Sanctions. Control and verification of possibly imposed International Sanctions shall be conducted by the Representatives as part of DD measures applied to the Clients in accordance with this Policy.
In case of doubt, the Company shall ask the Client to provide additional information that may help to identify whether the Client is the subject of International Sanctions.
The Company shall:
If in the course of the check, it is detected that a Client or an organization that used to be a Client is the subject of International Sanctions, the Company shall notify the FIU.
The Company does not provide services to persons residing in countries that:
Full list of such countries is available in the full version of the Anti-Money Laundering Policy and can be accessed by requesting the same from Paytoplay OU. Company reserves the right to update this list by the decision of the AMLCO having effect prior to updating of this document.
Last update: June 01, 2023