Tap Global Limited
Publication date 16.08.2023 Version 2.0
The website/portal features and services provided to you when you visit our websites or portals or apps.
When you apply to use and/or use our service.
Your use of software including mobile and desktop applications provided by Tap Global LTD; and
Email, other electronic messages including SMS, telephone, website/portal and other communications between you and Tap Global LTD.
Together these are all referred to in this policy as "Services". Tap Global Limited ("TAP") is the company that provides the technology of the tap product and is also the Program Manager for your card. As such, TAP is the Data Controller for any personal data which you provide which is not related to the card. TAP is incorporated in Gibraltar with registration number 118724 and registered office at 57/63 Line Wall Road, Gibraltar GX11 1AA.
This policy applies to all personal data processed by Tap Global Limited , including data collected from customers, employees, and other stakeholders, regardless of the medium or format in which it is stored.
3. Data Protection Principles
We adhere to the following data protection principles:
- Lawfulness, fairness, and transparency: We process personal data lawfully, fairly, and transparently.- Purpose limitation: We collect personal data only for specific, explicit, and legitimate purposes and do not process it in a manner incompatible with those purposes.- Data minimization: We collect only the minimum amount of personal data necessary for the intended purpose.- Accuracy: We ensure that personal data is accurate and up-to-date, and take steps to rectify or erase inaccurate data without delay.- Storage limitation: We store personal data for no longer than necessary for the purposes for which it is processed.- Integrity and confidentiality: We ensure the appropriate security of personal data, including protection against unauthorised or unlawful processing and accidental loss, destruction, or damage.
4. Role and Duty of the Data Protection Officer (DPO)
Tap Global Limited has appointed a Data Protection Officer (DPO) to oversee our data protection activities and ensure compliance with GDPR. The DPO's responsibilities include:
- Informing and advising the company and its employees about their obligations to comply with GDPR and other data protection laws.- Monitoring compliance with GDPR and the company's data protection policies, including managing internal data protection activities, training employees, and conducting internal audits.- Advising on and monitoring data protection impact assessments (DPIAs) when required.- Cooperating with the relevant supervisory authority and acting as the primary point of contact for all data protection matters.- Ensuring that the rights of data subjects are protected, including facilitating requests related to data access, rectification, erasure, restriction, portability, and objection to processing.
5. Data Collection and Processing
We collect and process personal data only for lawful purposes and in accordance with GDPR principles. We obtain explicit consent from data subjects before collecting and processing their personal data, and we inform them of their rights under GDPR.
6. Data Security
Tap Global Limited is committed to protecting the personal data we hold from unauthorised access, disclosure, alteration, or destruction. We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risks associated with the processing of personal data. These measures include, but are not limited to, encryption, access controls, secure data storage, and regular security assessments.
7. Data Breach
In the event of a data breach, Tap Global Limited will promptly notify the relevant supervisory authority and affected data subjects, in accordance with GDPR requirements. We will also take appropriate steps to mitigate any potential harm and prevent future breaches.
8. Data Subject Rights
We respect the rights of data subjects under GDPR, including the right to access, rectify, erase, restrict processing, data portability, and object to processing. We have procedures in place to handle data subject requests and ensure that we respond to them in a timely and compliant manner.
9. Policy Review and Updates
10. Contact Information
WHAT INFORMATION DO WE COLLECT AND WHY?
We receive, collect and use the information listed below as it is necessary for the adequate performance of the contract between you and us, to provide you the Services, to support our legitimate interests in better understanding, securing and improving our Services and overall performance, and to allow us to comply with our legal and contractual obligations.
We receive and collect personal information from you when you provide us your name, e-mail address and other information requested during signup. You may also provide us with personal information when we communicate using email or another communications mediums like telephones.
We receive and collect personal information from your browser about your use of the Services. We use "cookies", technical identifiers and other tracking technologies in order to provide and enhance our Services (please see our separate cookies policy).
We receive and collect personal information from other sources, such as, merchants, business partners, acquirers, payment service providers, subcontractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers and fraud prevention agencies.
We collect the following information:
Information you give us: We receive and store any information including personal and financial information you provide to us including when you (or your business): enquire of or make an application for our Services; register to use and/or use any our Services; upload and/or store information with us using our Services; and when you communicate with us through email, SMS, a website or portal, telephone or other electronic means. Such information may include you or your customer's: Company and business professional contact information, including name, address, phone number, fax number, e-mail address, domain names, and trade associations. Background information regarding company management, such as beneficial ownership/persons of significant control - including first name and family name, date of birth, email address, billing address, username, password, address, nationality and country of residence. Detailed company profiles. Company operational histories, including territories, subsidiaries, affiliates, and lines of business. Detailed trade and business credit information, including payment histories. Business information regarding profitability. Information about your friends/family/contacts for social, in-app and referral interactions. Any other information that you or your customer provide.
Information we collect about you: We receive and store certain information whenever you interact with us; for example, by way of "cookies" or similar technology. We also obtain certain information when your web browser or mobile APP accesses our Services and other content provided by or on behalf of us on other web sites, or when clicking on emails including:
The Internet protocol (IP) address used to connect your computer or device to the Internet, your login information, browser type and version, browser plug-in types and versions, operating system platform.
Information on your location during signup and active user sessions for fraud prevention.
Please also refer to our Cookies Policy, for more information and see the separate Cookies section of this policy, below:
Email and Other Communications: We may receive information about you and your use of our Services when we communicate with each other, including when you open email, messages from us and from the use of electronic identifiers (sometimes known as 'device fingerprints'), for example, Internet Protocol addresses or telephone numbers. Some of the information we collect may be classified as "personal data" under European Union (EU) law as it is information relating to an individual (e.g. a sole trader, a partnership, a company director, a beneficial owner, a trustee, a professional contact etc). This privacy notice provides the information we are required to give in relation to the processing of personal data under EU law.
Tap Global does not seek to collect any information in relation to a customer's race or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation, genetic or biometric data.
TAP AND SOCIAL INTERACTIONS
Tap may use your personal information to enable social interactions through our services and to provide additional functions in order to deliver a better experience.
The types of information we use are: Information you have provided Information from your device (Contacts/Phonebook) Geo-locational information.
HOW WE WILL USE YOUR INFORMATION
Your information (as above) will include information about you (and / or your business) and customers. If you give us information, including sensitive personal data, about yourself or other people, you agree (and confirm that the person the information is about has agreed) that we can use this information in the way set out in this policy.
WHO DO WE SHARE THIS INFORMATION WITH?
Where we are required or permitted to do so by law:
We may be required by law to pass information about you to regulatory authorities and law enforcement bodies worldwide, or we may otherwise determine that it is appropriate or necessary to do so. Such disclosures may also include requests from governmental or public authorities, or with commercial organizations with whom you may have had dealings and whom are seeking to mitigate fraud risk, or for the purposes of litigation or legal process, national security or where we deem it in the national or public interest or otherwise lawful to do so.
Business transfers: Tap Global may buy or sell business units or affiliates. In such circumstances, we may transfer customer information as a business asset. Without limiting the foregoing, if our business enters into a joint venture with or is sold to or merged with another business entity, your information may be disclosed to our new business partners or owners; and
With your permission: Your information may also be used for other purposes for which you give your specific permission, or when required by law or where permitted under the terms of the relevant data protection legislation. Except where permitted as stated, Tap Global does not sell, rent, share or otherwise disclose personal data about its customers to third parties for commercial purposes.
We may also transfer your data outside Gibraltar and the EEA only if such a transfer will be subject to the appropriate and suitable safeguards such as: ensuring of an adequate level of protection for your Personal Data by the third country; an approved certification mechanism or code of conduct with binding and enforceable commitments; a contract with the person or entity receiving your Personal Data which incorporates specific provisions as directed by the European Commission; permissibility of the transfer by applicable laws; your explicit consent to the transfer. DATA RETENTION Personal data is stored for varying lengths depending on the nature and purpose for which it was collected. We store personal data in line with any applicable statutory minimum periods, and then review it periodically (usually annually) to ensure it is still necessary to be retained for the purpose for which it was collected.
The data that you provide us is sent via a secure link (HTTPS) and sensitive data stored is encrypted using standard encryption technology in computer servers with limited access and in controlled facilities. We follow generally accepted industry standards to protect personal data, however no method of transmission over the Internet or method of electronic storage is 100% secure.
All information you provide to us is stored on our secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of the Website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone. We will never contact you and ask for your password.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Website or/and the Services; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.
All our employees and data processors, who have access to, and are associated with the processing of personal data, are obliged to respect the confidentiality of your personal data. The Website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites. DATA SUBJECT RIGHTS You have the right to request from us confirmation of whether we are processing your personal data, and if so, access to that information.
If any of your personal data is inaccurate you have a right to request rectification. We are very keen to ensure the data we hold is accurate and up to date. Please contact Customer Services via firstname.lastname@example.org.
You have the right to object to our processing and/or request it is deleted or restricted although please note that this may mean we are unable to continue to provide you with the Services. In considering our response we undertake to ensure your interests, fundamental rights and freedoms are properly balanced against our legitimate interests. We will also look at whether it is still necessary to process your data for the purpose it was collected or whether applicable legislation means we are unable to erase a piece of data. Please contact Customer Services for more information.
We will always observe your objection to receiving either our Tap Global marketing or to us passing on your contact details to third parties for their direct marketing purposes: please contact Customer Services including the name, business name, address, telephone number and email address that you wish to have excluded.
Opting Out: If you have opted to receive marketing-related messages from us and would prefer to no longer receive these, or if you would prefer that we not share personal data about you with any of our business partners, you may later opt-out of receiving messages from us or from our future sharing of information about you by following the "unsubscribe" instructions in the latest such message you have received. We will endeavour to comply with your request as soon as reasonably practicable. Please keep in mind that if you opt-out of receiving promotional messages from this Website, we will continue to send you transactional messages and important account-related information regarding this Website or Services offered through this Website.
TPL is committed to safeguarding the privacy of your information. By "your data", "your personal data", and "your information" we mean any personal data about you which you or third parties provide to us.
We may change this Policy from time to time so please check this page regularly to ensure that you're happy with any changes. WHO ARE WE? Transact Payments Limited ("TPL", "we", "our" or "us") is the issuer of your card and is the Data Controller for the personal data which you provide to us in relation to the card only. TPL is an e-money institution, authorised and regulated by the Gibraltar Financial Services Commission. Our registered office address is 6.20 World Trade Center, 6 Bayside Road, Gibraltar, GX11 1AA and our registered company number is 108217.
Tap Global Limited ("TAP") is the Program Manager for your card program and is the Data Controller for any personal data which you provide which is not related to the card. TAP is incorporated in Gibraltar with registration number 118724 and registered office at 57/63 Line Wall Road, Gibraltar GX11 1AA. HOW DO WE COLLECT YOUR PERSONAL DATA? We collect information from you when you apply online or via a mobile application for a payments card which is issued by us. We also collect information when you use your card to make transactions. We also obtain information from third parties (such as fraud prevention agencies) who may check your personal data against any information listed on an Electoral Register and/or other databases. ON WHAT LEGAL BASIS DO WE PROCESS YOUR PERSONAL DATA? Contract
Your provision of your personal data and our processing of that data is necessary for each of us to carry out our obligations under the contract (known as the Cardholder Agreement or Cardholder Terms & Conditions or similar) which we enter into when you sign up for our payment services. At times, the processing may be necessary so that we can take certain steps, at your request, prior to entering into that contract, such as verifying your details or eligibility for the payment services. If you fail to provide the personal data which we request, we cannot enter into a contract to provide payment services to you or will take steps to terminate any contract which we have entered into with you.
Legal/Regulatory We may also process your personal data to comply with our legal or regulatory obligations.
Legitimate Interests On occasion we may have a legitimate interest or those of a third party to process your personal data. WHAT TYPE OF PERSONAL DATA IS COLLECTED FROM YOU? When you apply for a card, we, or our partners on our behalf, collect the following information from you: full name, physical address, email address, mobile phone number, phone number, date of birth, gender, login details, IP address, identity and address verification documents.
When you use your card to make transactions, we store that transactional and financial information. This includes the date, amount, currency, card number, card name, account balances and name of the merchant, creditor or supplier (for example a supermarket or retailer). We also collect information relating to the payments which are made to/from your account. HOW IS YOUR PERSONAL DATA USED? We use your personal data to:
- set up your account, including processing your application for a card, creating your account, verifying your identity and printing your card.
- maintain and administer your account, including processing your financial payments, processing the correspondence between us, monitoring your account for fraud and providing a secure internet environment for the transmission of our services.
- comply with our regulatory requirements, including anti-money laundering obligations. WHO DO WE SHARE YOUR INFORMATION WITH? When we use third party service providers, we have a contract in place that requires them to keep your information secure and confidential.
We pass your information to the following categories of entity:
- identity verification agencies to undertake required verification, regulatory and fraud prevention checks;
- information security services organisations, web application hosting providers, mail support providers, network backup service providers and software/platform developers;
- document destruction providers;
- anyone to whom we lawfully transfer or may transfer our rights and duties under this agreement;
- any third party as a result of any restructure, sale or acquisition of TPL or any associated entity, provided that any recipient uses your information for the same purposes as it was originally supplied to us and/or used by us.
- regulatory and law enforcement authorities, whether they are outside or inside of the EEA, where the law requires us to do so. SENDING PERSONAL DATA OVERSEAS To deliver services to you, it is sometimes necessary for us to share your personal information outside the European Economic Area (EEA), e.g.: with service providers located outside the EEA; if you are based outside the EEA; where there is an international dimension to the services we are providing to you. These transfers are subject to special rules under European and Gibraltar data protection law.
These non-EEA countries do not have the same data protection laws as Gibraltar and EEA. We will, however, ensure the transfer complies with data protection law and all personal information will be secure. We will send your data to countries where the European Commission has made an adequacy decision, meaning that it has ruled that the legislative framework in the country provides an adequate level of data protection for your personal information. You can find out more about this here.
Where we send your data to a country where the European Commission has not made an adequacy decision, our standard practice is to use standard data protection contract clauses that have been approved by the European Commission. To obtain a copy of those clauses, please go to the European Commission's website.
If you would like further information please contact our Data Protection Officer on the details below. HOW LONG DO WE STORE YOUR PERSONAL DATA? We will store your information for a period of five years after our business relationship ends in order that we can comply with our obligations under applicable legislation such as anti-money laundering and anti-fraud regulations. If any changes to applicable legislation require us to retain your data for a longer period of time, we shall retain it for that period. We will not retain your data for longer than is necessary. YOUR RIGHTS REGARDING YOUR PERSONAL DATA? You have certain rights regarding the personal data which we process:
- You may request a copy of some or all of it.
- You may ask us to rectify any data which we hold which you believe to be inaccurate.
- You may ask us to erase your personal data.
- You may ask us to restrict the processing of your personal data.
- You may object to the processing of your personal data.
- You may ask for the right to data portability.
- If you would like us to carry out any of the above, please email the Data Protection Officer at email@example.com. HOW IS YOUR INFORMATION PROTECTED? We implement security policies and technical measures in order to secure your personal data and take steps to protect it from unauthorised access, use or disclosure.
While we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems. Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. COMPLAINTS We hope that our Data Protection Officer can resolve any query or concern you may raise about our use of your personal information.
The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in Gibraltar is the Gibraltar Regulatory Authority.
Their contact details are as follows:
Gibraltar Regulatory Authority,
2nd floor, Eurotowers 4, 1 Europort Road, Gibraltar.
(+350) 20074636 / (+350) 20072166