ifthenpay | Digital Payments Digitais for your company

Preliminary Note

Ensuring the confidentiality of the personal data of our clients, partners and suppliers is important to us and a cornerstone of our relationship with all stakeholders. Therefore, ifthenpay, Lda. (hereinafter referred to as ifthenpay), as the entity responsible for processing the personal data provided to it, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, commonly referred to as the General Data Protection Regulation (GDPR), and other applicable national and European legislation, has adopted the Personal Data Privacy Protection Policy set out in this document, which establishes how Personal Data is collected, stored and processed, ensuring its confidentiality and security.

1. PURPOSE

This Personal Data Privacy Policy applies to all personal information collected, processed and stored by ifthenpay through the various available channels.

Any natural person using the goods and services (hereinafter referred to as the Data Subject) offered by ifthenpay through its website (web), applications and other digital or physical platforms (such as, but not limited to, forms and subscription agreements) must take note of this Privacy Policy and the Terms and Conditions for the use and provision of goods and services whenever accessing areas that require the provision of personal data (“Personal Data”).

Before the submission and processing of personal data, ifthenpay requests the User’s express, informed and unambiguous consent to this Policy. The purpose of this Privacy Policy is to provide transparency regarding how personal data will be processed and to protect the information and data that any User of our services may enter on our websites, applications or digital platforms.

For the purposes of Article 8(1) of the GDPR, regarding the direct offer of information society services, ifthenpay ensures that personal data of minors under 16 years of age will not be requested unless prior express consent has been obtained from their legal representatives (parents or guardians), who must be aware of this Privacy Policy.

2. DATA PROTECTION AND PRIVACY PRINCIPLES

The processing operations carried out by ifthenpay comply with the fundamental principles of data protection and privacy, lawfulness, fairness and transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity, confidentiality, accountability

ifthenpay ensures that all personal data is processed lawfully, in strict compliance with the legal grounds established by the GDPR. A lawful basis exists when:

The Data Subject has given consent for one or more specific purposes
Processing is necessary for the performance of a contract to which the Data Subject is party
Processing is necessary for pre-contractual steps at the request of the Data Subject
Processing is necessary for compliance with a legal obligation
Processing is necessary to protect the vital interests of the Data Subject
Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority
Processing is necessary for the purposes of the legitimate interests pursued by the controller

Withdrawal of consent does not affect the lawfulness of processing carried out prior to its withdrawal.

3. WHAT PERSONAL DATA IS COLLECTED AND HOW

Identification Data: E.g.: name, identification document numbers, date of birth
Contact Data: E.g.: address, email address, telephone, mobile number
Tax Information: Tax identification number, tax status fiscal
Family Situation: E.g.: marital status, number of dependents
Banking, Financial and Transaction Data: E.g.: IBAN, bank account identification
Analytical Data: With access to our website, certain files are automatically collected and are also automatically deleted after a certain period of time. The collection of this data is for purely technical purposes, such as connection configuration, system security, technical network administration and website optimisation. The data referred to is as follows:

IP address
Date and time of access
Name and URL of the accessed file
Volume of data transmitted
Browser and operating system identification data
Confirmation of successful data transfer
Internet service provider name
Website from which access was made

This data is collected online through forms, applications and digital platforms.

4. HOW YOUR DATA IS PROTECTED

ifthenpay has invested in adopting administrative, technical, physical and organisational measures that ensure the security, integrity and privacy of the Personal Data collected, appropriate to the risk of each processing activity and consistent with practices established within the European Union. These measures aim to protect Personal Data against accidental or intentional manipulation, disclosure, loss or destruction, unauthorised access, misuse, alteration, as well as any other form of unlawful processing.

Partners and subcontractors who have access to Personal Data are required to adopt the necessary organisational and technical security measures and protocols to protect such data.

The Data Subject guarantees that the Personal Data provided is true and accurate and undertakes to notify any changes thereto. Any damage caused to ifthenpay or to any third party through the provision of incorrect, inaccurate or incomplete information in registration forms shall be the sole responsibility of the person who introduced or provided such information.

Our security measures are continuously being improved in line with technological progress. However, we shall decline any responsibility where such acts result from criminal or unlawful conduct, in which case responsibility shall lie with the respective offenders.

5. HOW LONG IS YOUR DATA RETAINED?

We will retain your Data for the maximum period required to comply with applicable legal, regulatory and contractual obligations, and it will be deleted, in accordance with the law, when the Data Subject requests its deletion.

The Data collected within a contractual framework (for example, but not limited to, the provision of payment services) will be retained for the period required by law, namely for tax/accounting purposes and for the safeguarding of contractual guarantees and liabilities.

6. WITH WHOM IS YOUR DATA SHARED?

ifthenpay will not sell, purchase, share or distribute your Personal Data to or from third parties.

The data collected by ifthenpay will only be shared with third parties when strictly necessary to comply with legal and contractual obligations, namely, but not limited to, subcontracted entities, for example, for the provision of accounting services, postal services, IT services, archiving services, judicial or official authorities, lawyers within the scope of any dispute or claim that may arise between the parties, among others, acting on our behalf.

In the case of international data transfers originating from the European Economic Area to a third country or an international organisation for which the European Commission has decided that an adequate level of data protection is ensured, your Personal Data may be transferred on that basis.

For international data transfers to third countries or international organisations for which the European Commission has not recognised an adequate level of protection, we will rely on a derogation applicable to the specific situation (for example, if the transfer is necessary to perform a contract concluded with you, such as when you make an international payment) or implement safeguards to ensure the protection of your personal data:

Standard contractual clauses approved by the European Commission
Binding corporate rules

7. LINKS TO EXTERNAL WEBSITES

Our Privacy and Personal Data Protection Policy applies exclusively to our website (website), applications and other digital platforms. However, these platforms may contain links to third-party websites, such as partners and suppliers. Access to such websites always requires the User to click on the respective link and is never automatic.

It is absolutely impossible for ifthenpay to guarantee that the data protection practices of our partners and suppliers comply with the law and our ethical standards. Therefore, ifthenpay assumes no responsibility for the content or privacy policy of external websites, and any damage, loss, unlawful act or infringement caused, allegedly caused or related to the use of such websites or external resources shall be the sole responsibility of their respective owners.

8. COOKIES

The websites, online services, interactive applications, email messages and advertising campaigns of ifthenpay may use “cookies” and other technologies, such as pixel tags and web beacons. These technologies help us better understand User behaviour, which allows us to provide a good browsing experience on our web pages and to improve them, as well as to measure and contribute to the effectiveness of advertising campaigns and online research. We treat the information collected through “cookies” and other technologies as non-personal information. However, where Internet Protocol (IP) addresses or similar identifiers are considered personal information under applicable law, we will also treat such identifiers as personal information.

9. DATA BREACH PROCEDURES

If you believe that ifthenpay has not respected any of your rights regarding personal data protection, you may lodge a complaint with the supervisory and regulatory authority responsible for this matter, namely the Portuguese Data Protection Authority (Comissão Nacional de Proteção de Dados).

ifthenpay, Lda.
Rua do FeiraPark, nº50 - Edf. FeiraPark
4520-632 São João de Ver
Santa Maria da Feira, Portugal
Telefone: +351 256 245 560
Endereço eletrónico: ifthenpay@ifthenpay.com

10. HOW CAN YOU STAY INFORMED ABOUT CHANGES TO THIS INFORMATION?

In a world of constant change and technological advancement, this information may be updated regularly.

You may always consult the latest version online at www.ifthenpay.com or, alternatively, request that it be sent to you by email. We will inform you of any relevant changes through our website or through our usual communication channels and, where required by applicable law, so that you may freely provide your consent.

11. CONSENT FOR THE COLLECTION AND USE OF PERSONAL DATA

ifthenpay will only use Personal Data when it is provided by its Data Subjects, solely for the purposes and in accordance with the purpose for which it was provided, and always based on the Data Subject’s free, specific, informed and explicit consent, across the various means of interaction with ifthenpay.

The Data provided to ifthenpay will only be shared with third parties when necessary to comply with legal and contractual principles, for example, but not limited to, the communication of Data to accounting service providers.

ifthenpay may use your Personal Data to send news, products and promotions related to ifthenpay’s activities and partnerships. Within the limits of this purpose, it analyses your history of use of products and services, the promotions used, the frequency with which you use the Service, your profile and personal interests, so that the promotions sent are personalised and adapted at all times to your needs and preferences.

In any case, Users have the right, at any time, to request the cancellation of our communications.

Users may also, at any time, request that we stop analysing their profile, even if this means that they will no longer receive news, offers and promotions. The profile created about you will not be used for any purpose other than the personalisation of our communications, except for legal, regulatory or security matters.

12. WHAT RIGHTS DO YOU HAVE REGARDING YOUR DATA?

In accordance with the applicable regulations, the Data Subject has the right to:

Information and access: through which you may obtain information regarding the processing of your Data and receive a copy of it
Rectification: whenever you consider that your Personal Data is inaccurate or incomplete, you may request its rectification accordingly
Erasure: you may request the deletion of your Personal Data, to the extent legally permitted
Restriction: you may request the restriction of the processing of your Personal Data, to the extent legally permitted
Objection: the Data Subject may object to the processing of their Personal Data, in particular when it is based on legitimate interests, on grounds relating to their particular situation. The Data Subject may object at any time where the Data is processed for direct marketing purposes, including profiling related to such direct marketing
Automated decisions: where applicable, the Data Subject has the right to obtain human intervention from the controller, express their point of view and contest automated decisions, including profiling
Withdraw consent: where you have given your consent to the processing of Personal Data, you may withdraw it at any time, to the extent legally permitted
Portability: where legally permitted, you have the right to receive the Personal Data concerning you that you have provided to us or, where technically feasible, to have it transferred to another controller

To exercise the rights listed above, you must contact the controller, namely ifthenpay:

In person, at our headquarters
By registered mail to the address Rua do FeiraPark, nº 50 - Edf. FeiraPark, 4520-632 São João de Ver, Santa Maria da Feira
By submitting a request through the website www.ifthenpay.com
Through the Backoffice of the website www.ifthenpay.com
By email to ifthenpay@ifthenpay.com
By telephone to +351 256 245 560

In any of the above cases, the Data Subject must provide proper identification.