Privacy policy
This Privacy Policy was prepared by the company Match2Pay Ltd (hereinafter “Data controller” or “Match2Pay“) and is addressed to clients, business partners, suppliers and service providers of Match2Pay.
The purpose of this Privacy Policy is to provide information about the conditions, principles and rules used to process personal data provided to the Data controller in connection with the cooperation or performance of the agreement linking Match2Pay with relevant party.
1. Who is responsible for your personal data?
The Data controller of personal data is Match2Pay Ltd with its registered office CT House, Office No. 9A, Providence, Mahe, Seychelles, company no. 8437251-1.
2. How to contact the Data controller?
An Information Officer has been appointed at Match2Pay. In matters regarding the processing of personal data by the Data controller, you can contact the following e-mail address:
kteofilski@match2pay.com .
If you have a complaint in relation to this privacy policy and you are not satisfied with our response to your complaint, you have the right to lodge a complaint with the Information Commission in Seychelles via the website Home – Information Commission.
3. On what basis and for what purpose does the Data controller process your personal data?
All personal data in our possession will be collected, processed, stored, shared, used and disclosed in accordance with the Seychelles Data Protection Act 2023 (hereinafter Data Protection Act), Financial Consumer Protection Act and other applicable laws and regulations.
The Data controller undertake to process your personal data in line with the Data Protection Act 2023 in Seychelles for the following purpose:
a) conclusion and performance of the agreement concluded with the Data controller and making the necessary settlements in connection with its conclusion – for the time necessary to perform the agreement, and after its completion, personal data will be processed for the time needed to demonstrate the correct performance of the obligations arising from it until the deadlines indicated in provisions on archiving,
b) performing the Data controller’s statutory obligations, in particular tax and reporting – for the time necessary to implement the Data controller’s statutory obligations, in particular until the expiry of the limitation period for tax obligations,
c) implementation of the legitimate interest of the Data controller described below – for the time necessary to implement the legitimate interest of the Data controller, in this respect, however, no longer than until the special situation of your objection is justified, and if direct marketing is a legitimate interest – until your objection,
d) if voluntary and optional consent is given, the data will also be processed for the marketing purpose of providing you with information about products sold by the Data controller, promotions, price lists and other promotional information and events by means of messages sent to your e-mail address or telephone number and during telephone conversations with you – until you withdraw your consent to receive marketing messages.
4. What are your rights within the scope of the Privacy Policy?
Under the provisions of the Data Protection Act, you have numerous rights with respect to personal data. The following is a general description of your rights
a) Access to personal data.
You can exercise your right to access your data at any time.
b) Correction and completion of data.
You have the right to request the Data controller to immediately correct your personal data that is incorrect, as well as to request incomplete personal data.
c) The right to delete data.
You have the right to request the Data controller to immediately delete your personal data in any of the following cases: i. when personal data are no longer necessary for the purposes for which they were collected or otherwise processed, ii. when personal data is processed unlawfully, iii. when personal data must be deleted in order to comply with the legal obligation provided for in generally applicable provisions. The Data controller will not be able, however, to delete your personal data to the extent that its processing will be necessary for: i. exercising the right to freedom of expression and information, ii. compliance with a legal obligation requiring processing under generally applicable provisions, iii. statistical purposes on the principles set out in the GDPR, iv. establishing, pursuing or defending claims.
d) The right to limit data processing.
You have the right to request the Data controller to limit the processing of personal data in cases where: i. You question the correctness of personal data – for a period allowing the Data controller to check the correctness of this data, ii. processing is unlawful, and you object to the deletion of personal data, requesting instead to limit their use, iii. the Data controller no longer needs personal data for processing purposes, but you need it to determine, pursue or defend claims.
e) Right to object.
You have the right to object to the processing of your personal data in the event that the Data controller processes this data in a legitimate interest, including for direct marketing. To the extent that data is processed for a purpose other than direct marketing, the Data controller may not accept the objection if it demonstrates the existence of valid legitimate grounds for processing, overriding your interests, rights and freedoms, or grounds for establishing, investigating or defending claims.
f) Right to withdraw consent.
To the extent that the processing of personal data is based on your consent, you have the right to withdraw consent at any time. Withdrawal of consent does not affect the lawfulness of the processing that was carried out on the basis of consent before its withdrawal.
g) Right to data portability.
To the extent that data is processed for the conclusion and performance of the agreement or processed on the basis of consent and data processing is carried out in an automated manner you have the right to receive from the Data controller in a structured, commonly used machine-readable format your personal data, which provided to the Data controller. You also have the right to send this personal data to another data controller.
h) Right to complain.
You have the right to lodge a complaint about the processing of personal data by the Data controller to the supervisory body.
The rights referred to in point a) – h) above, can be done by contacting the Data controller in the manner specified in point 2 of this Privacy Policy.
5. Providing personal data
Providing by the Contractor directly personal data for the purpose of cooperation or performance of the agreement with Match2Pay is voluntary, however, the consequence of not agreeing will be the inability to cooperate or conclude the agreement. Personal data of natural persons processed by Match2Pay are obtained directly from the counterparty.
6. Data recipients
The Data controller may share your personal data with the following recipients or categories of data recipients:
a) service providers providing services Match2Pay behalf. In agreements concluded with such service providers, the Data controller requires compliance with applicable laws on the protection of personal data,
b) if such an obligation arises from the mandatory provisions of law, the Data controller may also share your personal data with third parties, in particular authorized state bodies,
c) a company with capital links within the group i.e. affiliated entities
d) banks, payment institutions, virtual asset service providers, companies from the capital group to which the Data Controller belongs, postal operators, supervisory authorities, financial information authorities, suppliers of tools and platform software used to handle transactions and financial operations performed in the course of the implementation of the agreement, as well as to send commercial information by electronic means of communication, legal advisors and entities providing servers and storing data.
7. Transfer of personal data outside Seychelles
The Data controller may transfer your personal data to recipients outside Seychelles.
In the case of transferring personal data to other countries outside Seychelles, the Data Controller will ensure compliance with the Data Protection Act and particular consideration should be given to the fact that personal data shall not be transferred to a country or territory outside Seychelles unless the data processor in the recipient country or territory ensures a comparable level of protection in relation to the processing of personal data designed to safeguard the privacy of your personal data.
8. How long is your personal data stored?
The Data controller makes every effort to ensure that your personal data is processed in an adequate manner and as long as it is necessary for the purposes for which it was collected. With this in mind, the Data controller stores your personal data for no longer than necessary to achieve the purposes for which the data was collected or, if necessary, to comply with applicable law, in particular the period of cooperation, agreement implementation and the limitation period for claims. After such a period the data shall be anonymised, archived and if necessary erased from the database.
9. Change in the Privacy Policy
This Privacy Policy may change, in particular if the need or obligation to introduce such changes results from changes in applicable law, including changes in the recipients of the data. The updated version of the Privacy Policy shall be publicly available on the Company’s website.
