Last update: 1st of January, 2016
1.1. Satabank p.l.c. (C66993), Malta (hereinafter referred to “Satabank”) gives utmost importance to the protection of personal data of its customers. All customer data is collected, transferred and maintained in accordance with the principles incorporated within the EC Directive 95/46 on the protection of personal data and with Data Protection Act, 2001 of the Laws of Malta (and any amendment thereof). The personal data regarding the Client that is provided by the Client as well as by third parties such as state and international authorities, which have competence in the prevention of frauds, is preserved in electronic form on servers, collocated in specially designed premises class A with the highest level of communication coverage, security and control of access.
2. Collection of Information
2.1. To open, maintain, use and close the E-money Account and payment instruments, associated with the Account and to use the services provided by Satabank, Client must provide his/her name, address, mobile phone number, date of birth, e-mail address, government issued identification and other details. Furthermore, for the purposes of funding the Account of the Client, Client may choose to provide information about its credit card, debit card or other payment instrument. Satabank may generate and send to mobile phone number of the Client verification codes as well as to request the Client to enter them as a confirmation of certain actions. This required information is necessary for Satabank to process transactions, issue new passwords (if applicable) in case the Client forgets or loses his/her password, in order to protect Client, Satabank or other customers of Satabank against identity theft, credit card fraud as well as to contact Client should the need arise in administering the Account of Client. Client acknowledges and gives concent to Satabank in order to provide its Services to have access to the contact list/address book, in the Client’s smart phone in order to find, keep track and use of the mobile phone numbers of other users of the Services provided by Satabank.
2.2. If Client sends to Satabank correspondence, including post mails, e-mails and faxes, Satabank will retain such information in the record made for the Account of Client. Satabank will also retain customer service correspondence and other correspondence from Satabank to Client. Satabank retains these records in order to assess and improve the provision of customer service, as well as to investigate potential fraud and violations of the terms and conditions of Satabank. In addition, phone calls from Client to Satabank and vice versa will be monitored and/or recorded for purposes of quality improvement of the service, as well as for purposes of security and fraud detection.
2.3. In cases where Client communicates via Satabank instant messaging services (such as LeuPost Chat and other similar) to other users of these services the Client agrees that the content of the messages delivered via Satabank messaging service are not copied, kept, archived or preserved in any way in Satabank system. The same applies for the digital content that is transferred via Satabank messaging service such as images, documents and any files. All the communication that is sent or received via the messaging service is only available in the smart phone of the client or the recipient. Client acknowledges and agrees that Satabank is not liable for restoring messages, images, documents or other content transferred by the Client where the Client has lost or deleted them.
2.4. In order to fulfill its legal obligations to prevent fraud and money laundering and/or to protect all of its customers against potential fraud, Satabank may obtain information about Client from third party agencies, including financial history details, court judgments and bankruptcies, from credit reference and fraud prevention agencies when the Client opens Account and at any time when Satabank deems necessary to protect from fraud or to minimize its financial risks. If the overall payment volumes which the Client sends or receives through the Service are high, in some circumstances Satabank will conduct a background check on Client business by obtaining information about Client and its business from a Credit Reference or Fraud Agency. If Client owes to Satabank money, Satabank may conduct a credit check on Client by obtaining additional information about the Client from a Credit Reference or Fraud Agency, to the extent permitted by law.
2.5. In addition to the personal information provided by the Client or obtained from third parties, the websites of Satabank use a technology which allows to Satabank to gather particular technical information i.e. address of Client’s internet protocol, operational system of the Client’s computer, Client’s browser type, traffic data, location data, weblogs and other communication data, whether this is required by Satabank for purposes of control of risk and security, performance of regular obligations, inventory or other purposes. When Client accesses Satabank using a mobile device (e.g. a smartphone), Satabank may additionally collect and store device sign-on data (including device ID) and geolocation data in order to provide the services.
3. Use of Information
- To verify the identity and financial information of the Client;
- To make fraud prevention checks, anti-money laundering and credit checks;
- For opening, operating and administering and closing the Account of the Client and the payment instruments associated to it and for provision of services that Client has requested;
- To execute instructions of the Client for undertaking and receiving payments and transfers using the service of Satabank, including for verifying that Client has sufficient funds in its Account and has any Linked Payment Instruments to make such payment operations;
- To notify the Client about changes to the service(s) provided by Satabank;
- To comply with financial and payment services regulations including retention of financial information and transactions information.
- To exercise its rights and perform its obligations resulting from the Agreement with the Client;
- To transfer its rights under the Agreement with the Client to a person established in a Member State of EEA, while at the same time complying with the provisions of the Agreement with the Client.
4. Disclosure of Information
4.1. Satabank is not entitled to sell or rent any of personal information about the client to third parties in breach of its legal obligations. Satabank will give access to the personal information about the Client only to those employees who need it in order to provide the services of Satabank. Satabank may disclose personal information about the Client only in limited amount of cases explicitly listed in this document.
4.2. Satabank may disclose personal information about the Client to third parties if it is necessary to Satabank in order to, among other things, fulfill the request of the Client, process Client’s payment details, provide support services and monitor fraudulent activities.
4.3. When Client sends money to another Customer of the Service or a merchant to whom Client wishes to pay, Satabank will, at a minimum, pass on to the recipient the mobile phone number, the e-mail address and the identification number of Account of Client. Depending on the type of payment involved, Satabank may also send other personal details such as name, address and country of residence of Client if the recipients request this information from Satabank in order to improve the payment process, to reconcile payments with the commercial transaction or to conduct their own anti-fraud and anti-money laundering checks.
4.4. Satabank will also disclose information about Client to its auditing company which will carry out professional auditing services for Satabank and will assess the Satabank policies for Anti Money Laundering (AML) and Know Your Customer (KYC) policies.
4.5. Satabank may disclose aggregated commercial data on turnovers made via the Service to third parties that act as sub-contractors of Satabank and have a contractual obligation to preserve the confidentiality and where this information will be used by them only for the purposes of distributing the Service and/or support of the Client for use of the Service.
4.6. Satabank will disclose information about the Client in the event that Satabank is obliged by an effective law to do so. Such disclosure includes, without limitation, transaction information, account information, personal information and the contents of communications to: the court; the police; security forces; competent governmental, intergovernmental or supranational bodies; competent agencies (other than tax related authorities), departments, regulatory authorities. If false or inaccurate information is provided by Client and fraud is identified, Satabank will pass details to fraud prevention agencies and law enforcement agencies may access and use that information. Satabank and other organizations may also access and use this information (including information from other countries) to prevent fraud and money laundering.
5. Information Security and Protection
5.1. Satabank takes the responsibility to ensure that the information about Client is secure. To prevent unauthorized access or disclosure of information Satabank maintains physical, electronic and procedural safeguards that comply with applicable regulations to guard non-public personal information. Once the Client is logged into his/her Account, all internet communication is secured using Secure Socket Layer (SSL) technology with High-grade security Encryption (AES-256, 256 bit keys, certified by StartCom Ltd). Satabank restricts access to personally identifiable information of the Client only to employees who need to know that information in order to provide products or services to Client.
5.2. The security of the Account and the payment instrument of Client also relies on protection by Clients of its identifying credentials of the Account, the payment instruments or other functionalities of the service, including transfers via SMS. Client shall not share its identifying credentials with anyone. Satabank will never ask Client to send its identifying credentials in an e-mail, although Satabank may ask Client to enter this and other personal information in the Client Interface of Client in the website for the service, which will always have a URL beginning with https://www.leupay.eu, www.mypos.eu, www. sata-bank.com, www.leupost.com or in the Mobile App Profile (LeuPost Mobile App, myPOS Mobile App, LeuPay Mobile App) uploaded on the Client’s smart device or in other way as may be required by Satabank Services. Any e-mail or other communication asking Client to provide personal information via email, or linking to a website with a URL that does not begin with this should be treated by Client as unauthorized and suspicious and should be reported to Satabank immediately. If Client does share its identifying credentials with a third party for any reason, including because the third party has promised to provide additional services to Client, the third party will have access to the Account of Client and to its personal information, and Client will be responsible for the actions taken by the third party by using Client identifying credentials. If Client believes someone else has obtained access to its identifying credentials, must change it immediately by logging in to the Client Interface or Mobile App Profile of the Client and changing its settings, as well as to contact the Customer Service of Satabank.
6. Contact with Client
6.1. Satabank communicates with its Clients on a regular basis via email SMS or push notifications via its mobile applications to provide its services. Satabank also communicates with Clients by e-mail or phone to resolve customer complaints or claims made by Clients; respond to requests for customer service; inform Clients if according to Satabank their accounts or any of their transactions have been used for an illegitimate purpose; confirm information concerning a Client's identity, business or account activity; conduct customer surveys; investigate suspicious transactions.
6.2. Satabank uses Client’s email, physical address or mobile phone to send an SMS, email or push notification to confirm the opening of an e-money account, to send notice of payments that sent or received through Satabank, to send information about important changes to the products and services, and to send notices and other disclosures required by law. Satabank will monitor and/or record telephone conversations with Client to offer additional security, detect fraud, take instructions by Clients correctly or to resolve complaints.
7. Accessing and Changing Information by Client
7.1. Client can review the personal information which is provided to Satabank and make any desired changes to such information, or to the settings for the Account of Client, at any time by logging in its Client Interface on the Website or logging in the Profile for the Mobile App and changing the preferences in the "Profile" tab.
7.2. If Client closes its Account, Satabank will mark in its database the account of Client as "Closed", but will keep the information about Client, as Satabank are required to retain certain records for a period of at least five years after closure. This is necessary in order to detect fraud, by ensuring that persons who try to commit fraud will not be able to avoid detection simply by closing their Account and opening a new Account. However, if Client closes its Account, the personally identifiable information about Client will not be used by Satabank for any further purposes, nor sold or shared with third parties, except as necessary to prevent fraud and assist law enforcement, or as required by law.
7.3. At the request of Client, Satabank will also share with Client where the personal information of Client has been stored, what personal information Satabank has about Client and for what purposes it is used it for by Satabank. Client has legal right to such requests. They may be submitted to the Customer Service of Satabank.