Last updated on November 1, 2020
Corefy takes care of your personal data and does everything possible to protect it. This Privacy Notice is written to help you understand what your personal data is collected, stored and used, and what happens to it when you use our website at corefy.com (“Website”).
Pay your attention! UK leaves the EU by 31 December 2020. Till that time, the whole data processing process will be handled as it goes. After leaving the EU, the UK will become a third country pending a decision on the adequacy of jurisdiction. We will continue to be GDPR compliant and comply with the data processing and transmission requirements, taking into account the GDPR requirements for third countries that are not recognised as an adequate jurisdiction.
In this Privacy Notice we answer the following questions:
We are PayCore.io Limited, company number 11654625, with a registered address at 37th floor, One Canada Square, Canary Wharf, London, E14 5AA, United Kingdom.
In relation to your personal data, we are the controller and processor at the same time. We are the controller of your personal data of our clients and users, which means that we determine what, for what purpose and how your personal data will be
processed.
If you have any questions, you can contact us by sending an email to [email protected]. You can also send us a letter at PayCore.io Limited, 37th floor, One Canada Square, Canary Wharf, London, E14 5AA, United Kingdom.
This Privacy Notice applies to our website and our services. Our websites are corefy.com and PayCore.io .
The data we process is divided into two categories: technical information and data that is provided to us by a user, consumer and client.
Technical information. When you visit our website, some data is collected automatically. We need technical data to operate, maintain, and improve our website. This includes data such as an IP address, UTM parameters, geolocation, device type, browser type, cookies, and data about your interaction with the website - session ID.
The session ID includes your interaction with the website, the name of the website from which you went to our website, the functions you use, the pages viewed on our website, the way you use our website, and the actions you take if such actions are present.
Data provided by the client. To perform a contract, we need the following data: full name, date of birth, email, passport details (tax number, address), gender, phone number, position, company name, payment information (bank details, bank card details), and merchant ID credentials.
Data provided by the consumer. While processing personal data of end users, Corefy acts as a processor. For detailed information on the processing of your personal data, please contact your controller. As a processor, we may process the following data: name, surname, geolocation, address, device hash, email, phone number, tax number, payment information incl. but not limited to bank ID, bank details, payment card details, electronic wallet ID.
Data provided by the user.
For full interaction with our website, we may collect your name, phone number, email, and company name.
Once again, briefly about what personal data we collect:
| Type of data | Description of data | Legal basis | Reasons of processing |
|---|---|---|---|
| Data provided by a client | Full name, gender, date of birth, email, phone number, passport details, position, company name, payment information, merchant ID credentials | Performance of a contract |
Registering an account; Providing a service; Customer support |
| Data provided by a client | Position, company name | Legitimate interest |
Analytics; Statistics |
| Data provided by a client | Full name, date of birth, email, phone number | Consent | Marketing |
| Data provided by a consumer | Name, surname, geolocation, address, device hash, email, phone number, tax number, payment information, bank ID. | Performance of the contract |
Registering an account; Providing a service; Customer support |
| Data provided by a consumer | Device hash, payment information | Legitimate interest |
Security; Analytics; Statistics |
| Data provided by a consumer | Full name, contact details | Consent | Marketing |
| Data provided by a consumer | Name, surname, payment information | Legal obligation | Compliance with the legal obligation |
| Data provided by a user | Full name, phone number, email, and company name | Performance of the contract |
Performance of the contract; Providing a service |
| Data provided by a user | Name, phone number, email | Consent | Marketing |
| Data provided by a client | Full name, payment information | Legal obligation | Compliance with legal obligations |
| Automatically collected data |
Technical information Cookies |
Legitimate interest |
website operation; Analytics; Statistics |
Pay your attention. We knowingly do not process the personal data of users under the age of 13 without consent from the legal representative(s). If you are such a user, or you are the legal representative of the user, please let us know by email at [email protected].
We store personal data in the following categories:
Client data. We store personal client data for the duration of the service and 36 months after completion.
Consumer data. We store personal consumer data for the duration of the service and 24 months after completion.
User data. We store users' personal data for 36 months.
However, you can exercise your right to delete your data. In this case, your data will be deleted from our servers within 30 days of your request.
We use your personal data to perform a contract and for communication between us and the client, between us and the consumer, and between us and the user. We transfer your data on the following grounds:
Consent. We transfer your personal data based on your explicit consent.
Compliance with the law. We will disclose your personal data to third parties to the extent that it is necessary:
Transfer to third parties: We transfer your personal data to third parties on the basis of public offer for processing on our behalf, subject to technical and organizational measures to protect your personal data. We may transfer your data to certain companies, consultants, and contractors hired to provide certain services on our behalf.
We will ask for your consent unless the transfer of data is part of a contract.
The General Data Protection Regulation (the “GDPR”) applies to a transfer of personal data from the EEA to the UK. For now, the transfer is allowed without extra specifications. Based on fact that the UK is leaving the European Union, and the transfer will be based on appropriate safeguards until the decision about adequate jurisdiction. In this case, “a transfer of personal data” will have the same meaning as it in the GDPR.
All data is now stored on servers in Germany and the UK. When transferring data, we use the necessary protective measures such as encryption and security protocols.
We use the cookies necessary for the functioning of the website. Using cookies, we receive the technical information specified in clause 3 and our Cookie Policy.
If you want to disable cookies, then you can find instructions for managing your browser settings at these links:
You, as subjects of personal data, have the following rights:
To exercise your rights, write us an email at [email protected]. If your request was not satisfied, you can file a complaint to the regulatory body, the ICO via live chat service ico.org.uk/livechat or ico.org.uk/global/contact-us .
This privacy policy and the relationships falling under its effect are regulated by the GDPR. Existing laws and requirements for the processing of personal data are subject to change. In this case, we will publish a new version of the Privacy Notice on our website. After the UK will finish the exit from the European Union, we will continue to comply with the requirements of the GDPR, and will also make every effort to comply with the legislation of the UK as soon as possible if there would be changes. If significant material changes are made that affect your privacy and confidentiality, we will notify you by email or display information on the website and ask for your consent.
We make these disclosures to those visiting our websites who reside in California which supersede and replace any conflicting disclosures found elsewhere on our websites as well as reflect your privacy rights granted by the California Consumer Privacy Act (CCPA).
Opt-out of disclosure for direct marketing purposes. The California laws allow its residents to learn the identities of entities that received their personal data for marketing purposes and the categories of information disclosed. You may request such information by contacting us by email at [email protected].
Please be aware that this opt-out does not prohibit our disclosure of personal data for any purpose other than direct marketing. The data we process and share may include your name, address, email address, and telephone number.
Automatic gathering of information. We collect data that you provide to us online, and through websites of unaffiliated third parties.
Automatic gathering of information by third parties. When you visit our websites, third parties can collect personal data about your online activities over time and across different websites pertaining to your visit to or use of our and other websites.
California residents visiting our websites may request that we do not automatically gather and track information pertaining to their online browsing movements across the Internet. Such requests are typically made through web browser settings that control signals or other mechanisms that provide consumers the ability to exercise choice regarding the collection of personal data about an individual consumer's online activities over time and across third-party websites or online services. We currently do not have the ability to honour these requests. We may modify this Notice as our abilities change.
The CCPA has extended California residents’ data protection rights. However, we have already guaranteed all these rights and described them precisely in this Notice as well as a means of rights exercising. Please refer below to investigate.
Right to be informed. Please find a list of personal data we collect about you and your activity, sources and business purposes of personal data collection, and third parties we may share your personal data within Section 3 - 6 of the Notice.
Your Right of access, Data portability, and Right to delete are prescribed by Section 7 of the Notice.
You can exercise these rights any time by contacting us via email at [email protected].
Notice, the CCPA envisages some specific requirements related to the exercising of these data protection rights. Considering them we may:
Also, please be aware that we are allowed to maintain personal data after deletion request is received as permitted by the CCPA (for instance, for the purposes of detection of security incidents, repair errors, comply with legal obligations, transaction completion).
We want to draw your special attention that Corefy does not sell, rent, or trade your personal data to anyone.
Non-discrimination right. We definitely will not discriminate (including, by denying Services, charging different prices for Services, providing different quality of Services) against you for exercising any of your CCPA data protection rights.
