Easypay Sh.P.K is an electronic money institution licensed by the Bank of Albania with NUIS K61730019P address Ismail Qemali Street, administrative unit no. 5, Building 30, Tirana, in its capacity as the Controller of Personal Data on the official website www.easypay.al and in the EasyPay Application (IOS and Android). On the official website of EasyPay www.easypay.al and in the EasyPay application, in some sections such as applications for jobs or where services are offered require the user to complete some of the data personal. EasyPay collects your personal data for the purpose of providing the service. This applies to the information collected about visitors to our site, customers, job candidates and our current and former employees, other individuals who submit various requests for information, etc.
EasyPay guarantees the security conditions for the storage and further processing of this data, in full compliance with the provisions of law no. 9887 dated 10.03.2008 "On the Protection of Personal Data" as amended. The user confirms the completeness and authenticity of the information provided and authorizes also data processing.
This document describes the administration means of the EasyPay application and the official website regarding the handling of information and personal data of users who visit the application or website. This information is presented in accordance with Law no. 9887, dated 10/03/2008 "On the protection of personal data" as amended, to individuals who use the EasyPay services offered via the Internet.
The data is provided only for the official website www.easypay.al and the EasyPay application (IOS, Android) and not for other pages or applications which are visited by the user through other links.
- "Personal data": is any information relating to an identified or identifiable natural person, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.
- "Sensitive data": it is any of information related to the natural person in referring to his racial or ethnic origin, political opinions, trade union membership, religious or philosophical beliefs, criminal prosecution, as well as with data concerning his health and sexual life.
- "Controller" is any natural or legal person, public authority, agency or any other body, which alone or jointly with others determines the purposes and means of processing of personal data, in compliance with the laws and secondary legal acts applicable, and who is responsible for the fulfilment of obligations defined by the law ON PROTECTION OF PERSONAL DATA.
- "Data subject" is any natural or legal person whose personal data are being processed.
- "Processor" is any natural or legal person, public authority, agency or any other body which processes personal data on behalf of the Controller.
- "Archive system" is any structured set of personal data, which are accessible according to specific criteria, whether centralized, decentralized or dispersed on a functional or geographical basis.
- "Processing tools" are automatic, semi-automatic and mechanical tools that process personal data.
- "Electronic instruments" are computers, computer programs and any electronic tool or automatic, with which the processing is done.
- "Direct marketing" is the communication of the promotional material, by every mean and way, using personal data of legal or natural persons, agencies or other entities with or without interference.
- "Processing of personal data" is any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, transmission, dissemination or otherwise making available, alignment or combination, photographing, reflection, entering, filling in, selection, blocking, erasure or destruction, even though they are not recorded in a data base.
- "Recipient" is any a natural or legal person, public authority, agency or any other body to whom data are disclosed, whether a third party or not. The authorities which may receive data in the framework of a particular inquiry shall not be regarded as recipients.
- “Person in charge” is the individual who is authorized by the head of the institution or the competent person to perform processing actions.
- "Third party" is any natural or legal person, public authority, agency or any other body, except for the data subject, controller, processor and persons who, under the authority of directly of the controller or processor, are authorized to process data.
- "Transmission" is the transfer of personal data to the recipient.
- "International transfer" is the provision of personal data to recipients in foreign countries.
- "Automated decision-making" is a kind of assessment of individuals, carried out entirely automatically, without an individual’s intervention.
- "Consent of data subjects" is any indication in writing, freely given and fully informed on the reason for which his data will be processed, which signifies the data subject agreement that personal data relating to him to be processed.
- "Agent" is a commercial or legal natural person, who acts in the name and on behalf of EasyPay.
- "Authentication" is the procedure that enables the payment service provider to verify the identity of a user of the payment service or the validity of the use of a specific payment instrument, including the use of personalized security data of the user.
- "Personalized security data" are personalized elements made available by the payment service provider to the payment service user, for authentication purposes.
- "Remote Payment Transaction" is a payment transaction initiated via the Internet or a device that can be used for remote communication.
2. PERSONAL DATA PROCESSING
The processing of personal data related to the services offered through the official website or EasyPay application are managed by the technical staff of the responsible sector in the IT Department as well as the persons responsible for data processing within EasyPay. No information resulting from the service via the Internet or the application is communicated or distributed except when the information is requested by the competent authorities entitled by special law in compliance with the legal provisions of Law no. 9887, dated 10/03/2008 "On the protection of personal data" as amended.
The personal data provided by the users are used only for the purpose of providing the service or to fulfill the request and are communicated to the service provider and third parties, only if they are needed for this purpose, respecting the requirements of the law.
The employees of EasyPay are subject to the obligation to maintain the confidentiality of the information which is given to the latter in order to exercise its functions based on the Law, and can only disseminate it to the legal authorities. Easypay always evaluates the integrity of new employees before they are hired. EasyPay continuously monitors the accesses and processing of the personal data it controls to ensure their integrity and confidentiality.
3. CATEGORIES OF DATA SUBJECTS THAT ARE PROCESSED
EasyPay use personal data of categories of personal data subjects (customers, employees, job candidates, Agents, Partners in the provision of services, etc.), and keep them in order to we offer the service to the data subject or to comply with the agreements between the parties as well as for cases requested by the data subject for other purposes closely related to the provision of the service. The official website and EasyPay app receive data as part of normal operation the transmission of which occurs during the use of communication protocols via the Internet. The official website and EasyPay application do not include links to other sites and the data that these the latter collect or process. When you are on another page or application, we advise you to read the privacy statements of the respective sites and applications.
Access to the EasyPay application in any case is carried out through the credentials created by the customer at the time of registration (username, password) as a system that processes personal data and other financial data of a confidential nature. For special payment services, the customer may be required to process payments after inputting the credentials they have in accordance with the legal framework regarding the security of data processing and cyber security.
EasyPay in no case collects data such as fingerprints, face ID used for access via electronic remote communication devices. This data is processed and recorded only in your electronic device.
The personal data of the electronic services are stored in systems with a high security standard certified as per the international ISO standards. EasyPay processes the personal data of the user and authorized persons for the purpose of providing payment services or ancillary services or information services.
Data voluntarily provided by the user on the site or in the application, all optional emails, explicit and voluntarily sent to the specified addresses, includes the subsequent receipt of the sender’s address that is needed to respond to the requests as well as for any other personal data contained in the email.
For individuals who apply for employment with EasyPay, we use their information to process the application and to monitor recruitment statistics. When we want to disclose the data to a third party, for example, when we want them to receive a reference, or to receive some data from other relevant institutions, we do not do this without first informing the data subjects, unless this information is legally required. Personal data related to applicants who are not selected in the recruitment process are stored until the end of the period defined in the legislation in force, then they are destroyed or deleted. We retain non-personalized information for statistical purposes about applicants to assist our recruitment activities, but no applicant is identifiable from this data.
For individuals who are employed by EasyPay, we hold personal data that is necessary only for the purpose of employment and no other. The data is kept in secure places with high security standards as well as in computer systems in accordance with the law and our internal rules. When an employee is no longer employed with EasyPay, we prepare a file regarding the period during which he was employed. The data in the file are kept secure and used only for purposes of direct importance on the employment of the person until the term set by law expires. Then, the data are destroyed.
4. WHAT PERSONAL DATA COLLECTION
We process your personal data related to your identity as well as other data necessary for the provision of payment services or ancillary services. Without approval for the use of this data we would not be able to provide the EasyPay services. If you do not share identifying data with us, we are unable to enter into a business or service relationship with you, as this data, in addition to providing the service, is required in accordance with the legal framework. EasyPay also processes data for marketing, physical security and/or analytical purposes, in order to be able to offer high-quality products and services.
The following categories of personal data may be collected by EasyPay depending on the type of relationship (You are a potential client, customer or contracting party).
Personal Information – Name, Surname, Date of Birth, Gender, Personal Identification Number/Identification Document Number, Place of birth, legal capacity, nationality and citizenship, contact numbers and addresses, residence address, IP address, vehicle license as well as historical data stored with us within the framework of the ongoing relationship.
Device Information- when registering in the mobile application EasyPay collect and process the following data from Users Device, for the enrolment for and use of the App: use of fingerprint, access fine location, camera, read and write the external storage, read the Contacts List of the User’s phone, Device Brand, Device Model and Device OS. All Users’ personal data shall be collected and processed further exclusively for the purposes of enrolling for and offering the EasyPay Mobile Wallet application (the “App”). EasyPay shall use Users’ personal data only for the purpose of providing its App’s services to users and users using the App.
Documentation – The type of your identification document, the country that issued it, the number, the expiration date, information included in the document's barcode. Legal documentation on the registration of entities as well as additional documentation of identification or commercial or business relationships with third parties as any other documentation submitted by you for payment service purposes or auxiliary services.
Economic identification data – Customer number or user code in the EasyPay application, the unique number of the Credit Agreement or an agreement number generated through the closing of a credit agreement for payment services, data collected through continuous monitoring within the framework of the requirements of Know Your Customer, data and details of your debit or credit card (in case you choose to make payments through direct debit), bank account number or other banking or payment information related to the transaction made in favor of the Company.
5. PERSONAL DATA PROCESSING METHODS
The subjects' personal data are processed electronically and manually in full accordance with security measures defined in the provisions of law no. 9887, dated 10/03/2008 "On data protection personal" amended.
EasyPay protects the data in secure premises and systems until the end of the term defined in Instruction No. 20 dated 03.08.2012 of the Commissioner for the Right to Information and Personal Data Protection, unless otherwise provided by applicable law, the data are subsequently destroyed.
6. ACCESS TO PERSONAL DATA
EasyPay in compliance with the legal framework gives individuals access to their personal data. Individuals may be informed whether we possess any personal data by sending us a "request for access to personal data" and pursuant to Law No. 9887 "On the protection of personal data", as amended, Individuals can identify whether we hold any personal data by sending a "data access request personal" and based on Law no. 9887, dated 10/03/2008 " On the protection of personal data "as amended, within a period of 30 days from the date of receipt of the request EasyPay shall inform you about the data or shall explain the reasons why the information cannot be provided.
If we hold your personal data, we will let you know why we keep them, we will Show to which recipient such data can be disclosed, we will give you a description of them and, if possible, a copy of the information in an understandable form.
For any personal data maintained by us, as well as on any rights you are entitled as a data subject in accordance with Law no. 9887 "On Protection of Personal Data", dated 10/03/2008, as amended, it is necessary to file a request to the Easypay by submitting your legal identification documents. You can also directly contact the Commissioner for the protection of Personal Data or you can be informed about the provisions of the legal framework on the official website of the commissioner https://www.idp.al/.
7. RIGHTS OF THE PERSONAL DATA SUBJECT
Individuals whose personal data are being processed, are entitled under Law no. 9887 "On Protection of Personal Data", dated 10/03/2008 as amended, to obtain at any time:
- The confirmation of the existence or not of personal data and to know their content and source,
- To verify the accuracy,
- To be informed on the update or correction,
- To request information for processing purposes, on the categories of personal data processed,
- The right to transform/update anonymously or to block information and data that are treated/handled contrary to the law,
- To refuse, for legitimate reasons, their treatment.
8. SECURITY OF PERSONAL DATA PROCESSED
EasyPay processes the personal data of personal data subjects in order to perform its activity and its statutory duties in accordance with the legislation in force and internal rules. This may include confidential information about the categories of data subjects being processed. EasyPay is committed to ensure the use of information and information technology systems in order to maintain the integrity and confidentiality of information under its control. EasyPay uses a risk-based approach in assessing and understanding risks and uses all physical means of personnel, both technical and procedural, to provide the appropriate security measures. All employees of EasyPay are subject to the obligation to maintain the confidentiality of information provided to them while performing their duties based on their job description, and may disclose it only to legal authorities. EasyPay assesses their integrity before they are hired. EasyPay monitors their compliance with their information security obligations. According to the confidentiality statement signed by the employees, where they take over civil and criminal legal responsibility, they are obliged to maintain the confidentiality of information even after the termination of their employment relationship.
9. HOW TO CONTACT US