1. Terms and Definitions

1. “Policy” means this Personal Data and Cookie Processing Policy.

2. “Operator”, “We”, “Us”, “Ours”, etc. mean PLAYPAY LTD., a company incorporated under the laws of England and Wales, Registration number: 13752318, address: UNIT 161003, SECOND FLOOR, 6 MARKET PLACE, LONDON, FITZROVIA, W1W 8AF, UNITED KINGDOM.

3. “Personal Data Subject”, “You”, “Yours” mean Our counterparty under the Public Offer, which may be an individual who uses the Site to receive services to replenish the Service.

4. “GDPR” or “Regulation” mean EU General Data Protection Regulation 2016/679, of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of their Personal Data and on the free movement of such data, repealing Directive 95/46/EC as amended amendments, changes and additions to it, applied from time to time and included in the national legislation of the participating countries.

5. “Personal Data” include any information that relates to an identified or identifiable natural person. An identifiable person is a person who can be identified directly or indirectly, in particular by reference to such identifiers as name, identification number, location data, online identifier, or to one or more factors specific to physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

6. “Personal Data Processing” means any action (operation) or a set of actions (operations) performed with or without the use of automation tools with Personal Data, including collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), Depersonalization, blocking, deletion, destruction of Personal Data. The Personal Data Processing is carried out by the method of mixed Personal Data Processing (including Automated Processing).

7. “Automated Processing” means Personal Data Processing using computer technology.

8. “Confidentiality” means a mandatory requirement for Us or other persons who have gained access to Personal Data to prevent their distribution without the consent of the Personal Data Subject or other legal grounds.

9. “Personal Data Depersonalization” means actions, as a result of which it becomes impossible, without the use of additional information, to determine whether Personal Data belongs to a specific Personal Data Subject.

10. “Transfer” means a payment transaction made by the User on the Site.

11. “Site” means Our website available at https://prostoplati.com.

12. “Cookies” mean small text files placed by the Site on Your computer or device when You, for example, visit certain areas of the Site and/or when You use certain features of the Site.

13. “California Online Privacy Protection Act” or “CalOPPA” is the California Online Privacy Protection Act.

14. “California Consumer Privacy Act” or “CCPA” is the first comprehensive privacy law in the United States, enacted in late June 2018, which provides various privacy rights to California consumers.

15. “US Privacy Act 1974” or “UPA” is Privacy Protection Act that governs the processing of personal information of US citizens or US residents.

16. “PECR” is Privacy and Electronic Communications Regulations (EU Directive) 2003.

17. “Federal Law No. 152-FZ” is Federal Law of the Russian Federation of July 27, 2006 No. 152-FZ "On Personal Data".

18. “Public Offer” means Our Public Offer published at: https://prostoplati.com/offer.

2. Subject and Grounds for the Personal Data Processing

1. Subject of the Policy. The provisions of this Policy apply to the relationship between Us and You with respect to the Personal Data Processing performed by Us within our relationships regarding Your use of the Site and the Our rendering of the services based on Your acceptance of the Public Offer.

2. Grounds for Personal Data Processing. The basis for the processing of Your Personal Data is always Your consent. Without Your consent to the terms of this Policy, We will not be able to fully ensure the fulfillment of obligations under the agreements concluded with You, so We made it impossible to conclude such agreements without the consent to this Policy.

3. Policy Acceptance 

1. Acceptance. Acceptance of the Policy is considered to be performed after You have registered on the Site and agreed with its provisions by marking the form accordingly.

By accepting the Policy as above, You express Your full Consent to the Аutomated Processing, as well as Personal Data Processing without the use of automation tools. Please note that We may store data about Your actions (through a logging system) to make a mark throughout the entire period of existence of the Personal Account, as well as for five (5) years after its deletion, unless another period is provided by applicable law.

4. Policy Term and the Personal Data Processing

1. Validity Period. After accepting the terms of the Policy, it is valid indefinitely. However, this does not affect the Personal Data Processing period established by this Policy.

2. Personal Data Processing Period. As a general rule, We process Your Personal Data throughout the entire period of existence of the Personal Account, as well as for five (5) years after its deletion (or from the date We receive a duly executed written withdrawal of Your consent to the Personal Data Processing), if the storage period of Personal Data is not established by applicable law, the Public Offer, or any other agreement, one way or another related to the use of the Site, to which You are a party. In other cases, We will cease Personal Data Processing if You object it or if You withdraw Your previously given consent in accordance with the terms of this Policy. However, We may not be able to perform Our obligations under agreements with You.

3. Amendment. The Policy may be amended by Us at any time. In particular, this may be due to a change in Our business processes, the influence of external factors and other reasons. After making changes, We immediately publish the amended Policy on the Site so that You have the opportunity to study it in the new edition. We will definitely notify You about the change in the Policy by sending a notice to the Personal Account and(or) by publishing it on the Site. In the event that You continue to use the Site after the changes to the Policy are made, We unconditionally consider that You agree with the terms of the Policy in the new edition.

5. Legal Basis, Goals and Principles of the Policy

1. Legal Basis. The Policy has been developed based on the following laws and regulations: (a) GDPR; (b) CalOPPA; (c) CCPA; (d) PECR; (e) Federal Law No. 152-FZ; (f) GDPR; (g) as well as other laws and regulations which determine the cases and features of the Personal Data Processing of the Personal Data Subject.

2. Goals. The Policy pursues the following goals: (1) ensuring the requirements for the protection of the rights and freedoms of a person and a citizen under the Personal Data Processing, including the protection of the rights to privacy, personal and family secrets, (2) preventing unauthorized actions (illegal or accidental access) of any third parties to Your Personal Data, as well as the destruction, modification, blocking, copying and distribution of Personal Data, (3) ensuring the legal and regulatory regime of Confidentiality and control of Your Personal Data, (4) protecting the constitutional rights of citizens to personal secrecy, Confidentiality of information, constituting Personal Data, and preventing the occurrence of a possible threat to Your security.

Therefore, the main purpose of the Policy is to provide You with a full and transparent understanding regarding: the legal basis for the collection and processing of Your Personal Data; the categories of Personal Data We may collect about You; what happens to the Personal Data We collect; where We process Your Personal Data; how long We keep Your Personal Data; to whom We may share Your Personal Data; and explain Your rights as the Personal Data Subject.

3. Principles. We pursue the following principles of Personal Data Processing: (1) the Personal Data Processing must be carried out on a lawful and fair basis, (2) the Personal Data Processing must be limited to the achievement of specific, predetermined and legitimate purposes; Personal Data Processing that is incompatible with the purposes of collecting Personal Data is not allowed, (3) the content and scope of the processed Personal Data must correspond to the stated purposes of processing; the processed Personal Data should not be excessive in relation to the stated purposes of their processing, (4) during the Personal Data Processing, the accuracy of the Personal Data, their sufficiency and relevance in relation to the purposes of the Personal Data Processing, (5) the storage of Personal Data should not be carried out longer than required by the purposes of processing Personal Data, unless a different period of storage of Personal Data (or the procedure for determining it) is provided for by the Policy.

6. Personal Data Collected

1. Registration on the Site. In accordance with the Public Offer, when You register on the Site, We collect the following Personal Data: (1) Name (if You provide Your personal name), (2) Email.

2. Service Data. After Registration, You will be able to get the Platform Replenishment services. In this case, it will be necessary to enter the identifier of the user's personal account on such a Service, which may contain Personal Data. In such a case, it is considered that You have given Us consent to the processing of such data.

3. Payment Details. When making a payment, the following data will be required: (1) bank card number, (2) bank card expiration date (Month/Year); (3) bank card code (PPK2/CVC2/CVV2). Please note that such entered data is stored by Our payment partners. We DO NOT collect or store payment data within our relationship under the Public Offer.

4. Technical Data. While using the Site, We automatically collect some of Your Personal Data. Such data includes, for example, technical information, including the Internet Protocol (IP) address used to connect Your computer to the Internet, login information, browser type and version, time zone setting, browser plug-in types and versions , operating system and platform, information about Your visits to websites, etc.

5. Other Data. In exceptional cases, We may ask You to provide additional Personal Data. We will certainly notify You in advance about this and ask You to provide additional consent to the Processing of additional Personal Data.

6. Personal Data of Third Parties. Please note that if You provide Us with Personal Data of third parties, You guarantee that You have received from such persons all the necessary consents (including consent to the transfer of Personal Data), other documents necessary for the implementation of the provisions of this Policy in full, executed by them in the form and in accordance with their personal applicable law (Consent of third parties), and if You act as the operator of the Personal Data of such persons, You also guarantee that You ensure the procedure for the transfer and protection of their Personal Data to the extent not less than provided for in this Policy. At the same time, the Consent of third parties must be executed by them in writing, the original of which must be provided by You no later than seven (7) calendar days from the date of sending the corresponding request from the Operator. Providing Personal Data to third parties without complying with this warranty is unacceptable, and You fully accept all responsibility for breach of this warranty.

7. Rights of the Personal Data Subject

1. Getting Information. You have the right to receive information about Us, Our location, whether We have Your Personal Data, as well as to get acquainted with such Personal Data.

2. Clarification. You have the right to demand from Us to clarify Your Personal Data, block it or destroy it if the Personal Data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing, as well as take legal measures to protect Your rights.

3. Accessibility. Information about whether We have Personal Data will be provided to You in an accessible form, and it will not contain Personal Data relating to other Personal Data Subjects.

4. Access Order. You (or Your legal representative) may access Your Personal Data in person or by sending a written request. In this case, the request must contain the number of the main document proving Your identity or Your legal representative, information about the date of issue of the specified document and the authority that issued it, and a handwritten signature. The request may be sent electronically. We are required to respond to Your request within thirty (30) days from the date it was received, which may be extended up to sixty (60) days depending on the complexity and number of requests.

5. Response Content. In a request for access to the Personal Data, You have the right to require Us to obtain information regarding Your Personal Data Processing, including: (1) confirmation of the fact and the purpose of the Personal Data Processing, (2) manner of the of Personal Data Processing, (3) the name and location of the Operator, information about the persons who have access to Personal Data or who may be granted such access, (4) the list of processed Personal Data and the source of their receipt, (5) the terms for of the Personal Data Processing, including the terms their storage, (6) information about legal consequences of the of Personal Data Processing for the Personal Data Subject.

6. Consent Withdrawal. You have the right to withdraw consent to the Personal Data Processing, restrict the methods and forms of Personal Data Processing, and prohibit the share of Personal Data without Your consent.

7. Objecting. You have the right to object Our actions or omissions to the authorized body for the protection of the rights of Personal Data Subjects or in court.

8. Protection. You have the right to protect Your rights and legitimate interests, including compensation for damages and compensation for moral damage in court.

8. Rights of the Data Subject (GDPR)

If You are a citizen of a member state of the European Economic Area or the United Kingdom (or legally provide Us with such person's Personal Data), You also have the following rights. You can use them by sending an appropriate email to Our Contact Information.

1. Right to be Informed (Art. 12-14 of the Regulation). You have the right to be informed about the collection and use of Your Personal Data, in particular the purposes of the Personal Data Processing, the retention periods and to whom it will be shared. This information must be provided at the time We collect Your Personal Data. If We receive Personal Data from other sources, We will notify You within a reasonable time after We receive the data and no later than one (1) month, unless You already have such information and if it does not require a disproportionate effort to provide it. Information should be concise, transparent, understandable, easily accessible, and expressed in clear and understandable language, which is why We try to explain Our data processing policy in detail. We will bring to Your attention any new use method prior to the Personal Data Processing.

2. Right to Access (Art. 15 of the Regulation). You have the right to receive confirmation from the Operator for any fact of Personal Data Processing and, if necessary, obtain access to the Personal Data and the following information: the purposes of processing; categories of relevant Personal Data; recipients or categories of recipients to whom Personal Data has been or will be disclosed, in particular recipients from third countries or international organisations; if possible, the envisaged period for which the Personal Data will be stored or, if this is not possible, the criteria used to determine such period; the existence of the right to demand from the Operator the correction or deletion of Personal Data or restriction of the Personal Data Processing in relation to the data subject or to object to such processing; the right to file a complaint with a supervisory authority; the existence of an automated decision-making process, including profiling, referred to in Articles 22(1) and (4) of the Regulation and, at least in these cases, meaningful information about the underlying algorithm and the meaning and intended consequences of such processing for the data subject. If Personal Data is transferred to a third country or international organization, You have the right to be informed about the safeguards in place associated with such transfer. Upon request, the Operator also provides a copy of the processed Personal Data. For all additional copies requested by the Personal Data subject, the Operator may charge a reasonable fee based on administrative costs. If You make a request by electronic means, and unless otherwise required, the information must be provided in a commonly used electronic form.

3. Right to Rectification (Art. 16 of the Regulation). You have the right to have the incorrect or inaccurate data rectified upon Your request, either orally or in writing. The Operator has one (1) calendar month to respond to such a request.

4. Right to Be Forgotten (Art. 17 of the Regulation). The Regulation grants natural persons the right to ask Operators to delete their Personal Data. You may request erasure by contacting Our data protection officer, who has one (1) month to respond to Your request. Please note that this right is not absolute and only applies under certain circumstances, provided for in Article 17 of the Regulations.

5. Right to Restrict Processing (Art. 18 of the Regulation). You have the right to request the restriction or termination of the processing of Your Personal Data. If the processing has been restricted, such Personal Data, other than storage, are processed only with the consent of the data subject or for the establishment, exercise or defense of legal claims, or for the protection of the rights of another natural or legal person, or for the protection of the public interest of the union or state-member. Please note that this right is not absolute and only applies under certain circumstances, provided for in Article 18 of the Regulations.

6. Right to Data Portability (Art. 20 of the Regulation). The right to data portability allows You to obtain and reuse Your Personal Data for Your own purposes across various services. It allows You to easily move, copy or transfer Personal Data from one IT environment to another in a safe and secure manner without affecting the usability of Personal Data. Please note that You have the right to transfer Personal Data directly from one Operator to another, where this is technically possible.

7. Right to Object Processing (Art. 21 of the Regulations). You have the right to object to the processing of Your Personal Data at any time on grounds relating to Your particular situation. We will not further process Your Personal Data unless We have compelling legitimate grounds for processing that are more significant than the interests, rights and freedoms of the data subject or to establish, exercise or defend legal claims. If Your Personal Data is processed for direct marketing purposes, You have the right to object to the Personal Data Processing relating to You for such marketing purposes, including profiling insofar as it is related to direct marketing.

8. Rights Related to Automated Decision Making, Including Profiling (Art. 22 of the Regulations). You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects on him(her) or significantly affects him(her). Please note that this right is not absolute and only applies under certain circumstances provided for in Article 22 of the Regulations. You may withdraw Your consent to the Personal Data Processing at any time. Please remember that withdrawal of consent only applies to the future. Any actions related to processing carried out prior to such revocation shall not be affected by it.

9. Personal Data Transfer

1. Transfer of Personal Data. To achieve the Personal Data Processing goals, We may need to provide Your Personal Data to (1) the payment partner, credit institutions involved in the Transfers in order to maintain the proper level of security of online payments made using electronic means of payment through the authorization page, the list of which is established payment system security protocols, acquiring banks, issuers of electronic means of payment (subject to the Public Offer), (3) fraud prevention agencies (including activity fraud, financial fraud and financial fraud bureaus), (4) government authorities, in particular, executive authorities.

2. Mandatory and Optional Transmission. The transfer of information may be mandatory, for example, in terms of information about the user equipment: IP address, OS, geographical data, ID / type of equipment, channel used: browser / application, payment authorization, identification / verification, or optional, for example, in terms of information about indicators of address matching, account information, etc.

10. Personal Data Storage

1. Localization of Personal Data. If You are a citizen of one of the member states of the European Economic Area or the United Kingdom, then Your Personal Data is collected and Processed in the European Economic Area. If You are a citizen of the Russian Federation, then We store Your data on servers located on the territory of the Russian Federation.

11. Principles and Measures for the Personal Data Protection

1. Principles. We apply legal, organizational, administrative, technical and physical measures to protect Personal Data. To ensure the protection of Your Personal Data.

2. Measures. Measures to ensure the security of Personal Data during their processing are planned and implemented in order to ensure compliance with the requirements of legislation in the field of Personal Data and regulations adopted in accordance with it. We ensure the security of Your Personal Data, including in the following ways: (1) limiting and specifying the composition of the Operator’s employees who have access to Personal Data, (2) appointing a person responsible for organizing the Personal Data Processing, (3) developing and implementing local acts on on the Personal Data Processing, (4) identification of threats to the security of Personal Data during their processing in information systems of Personal Data, (5) the application of organizational and technical measures to ensure the security of Personal Data, (6) the use of information security tools that have passed the conformity assessment procedure in accordance with the established procedure , (7) taking into account electronic media, (8) establishing rules for access to Personal Data, (9) restricting access to the premises where the technical means that process Personal Data are located, as well as storage media, (10) detecting facts of unauthorized access to Personal Data and taking measures to prevent such access, (11) adding Personal Data (which is not publicly available, requiring Confidentiality) to the Operator’s list of confidential information, (12) obtaining an obligation not to disclose confidential information, including Personal Data, with all employees of the Operator directly involved in the Personal Data Processing, (13) recovery of Personal Data modified or destroyed due to unauthorized access to them, (14) familiarization of the Operator’s employees directly involved in the Personal Data Processing with the provisions of the legislation on Personal Data, including requirements for the protection of Personal Data, local acts on the Personal Data Processing, (15) control over the measures taken to ensure the security of Personal Data.

12. Cookies

1. Use of Cookies. The Site uses cookies. When You visit the Site, Your Internet browser transmits certain information to Our server: (1) date and time of visit, (2) browser type, (3) language settings, (4) operating system. This information is stored in connection logs for a limited time (from a session to a year) to ensure the security and proper operation of the Site, as well as to collect statistical information.

2. Function Cookies. There are different groups of Cookies that are used on the Site. The first group is functional and technical Cookies. The main function of such files is to allow the Site server to obtain information about Your session, language, browser, etc., and to ensure the full operation of the Site. These cookies are needed to recognize You when You visit the Site again. This allows Us to personalize the content of the Site to Your needs and to remember Your preferences. The second group are analytical cookies, they allow Us to evaluate and count the number of visitors, as well as to understand how they move around the Site while using it. This helps Us make improvements to the operation of the Site, for example, by optimizing the search for the desired sections, making it simple and efficient. You have the right to refuse the use of analytical cookies by making the appropriate settings in Your web browser.

3. Cookies Storage Period. By the time they are stored on Users' devices, Cookies are divided into Persistent Cookies and Session Cookies: “Session Cookies” are files that are stored on Your device until You close Your browser. “Persistent Cookies” are stored on Your device until they expire or You delete them.

4. Disabling Cookies. You have the ability to accept or decline all cookies on all websites You visit by changing the settings in Your web browser. For example, when You are using Internet Explorer version 11.0 You should do the following: (1) select "Settings", then "Internet Options", (2) go to the "Privacy" tab, (3) use the mouse to select Your preferred settings. Each browser must use its own settings to change and delete cookies. Please note that certain features of the Site may not be available if You disable Cookies. For more information on how to adjust or change Your browser settings, please refer to Your browser instructions or visit www.aboutcookies.org or www.allaboutcookies.org . If You use different devices to access the Site (e.g. smartphone, tablet, computer, etc.), You should ensure that each browser on each device is set according to Your cookie preferences.

13. Contact Details and Exchange of Correspondence

1. Parties’ Contact Details. In the course of fulfilling our obligations, there may be (and in some cases there must be) an exchange of important legal information between us. Such an exchange takes place using the appointed parties’ contact detailes (Contact Details), both in writing and in electronic form (equivalently). At the same time, the conclusion of a separate agreement on the use of electronic document management is not required. Our Contact Details are specified in the Official Notice (at the end of this document), and your Contact Details are indicated by you in the Personal Account. Please remember that you bear all the risks associated with the accuracy and relevance of your Contact Details. Please make sure that we only have your up-to-date Contact Details.

2. Correspondence Exchange. The exchange of correspondence is possible only with the use of the Contact details of the parties.

14. Final Provisions

1. Divisibility Clause. In the event that one or more provisions of the Policy are declared invalid or irreconcilable, etc., then such provisions are considered to be replaced by valid provisions as close as possible in their meaning. At the same time, the Policy cannot be invalidated in full under any circumstances.

15. Official Notice

PLAYPAY LTD.

Registered under the laws of England and Wales

Registration number: 13752318

Address: UNIT 161003, SECOND FLOOR, 6 MARKET PLACE, LONDON, FITZROVIA, W1W 8AF, UNITED KINGDOM.

Email: info@prostoplati.com 

Email (Questions about Personal Data): privacy@prostoplati.com  

THESE CONTACTS ARE THE ONLY OFFICIAL SOURCES OF COMMUNICATION WITH US. PLEASE BE CAREFUL!

Link to document: https://prostoplati.com/privacy 

The Policy is published in the public domain

in the information and telecommunication network Internet

on the Operator's website