myPOS and GDPR compliance

  • With whom we share personal data

    We may share personal data with members of the myPOS Group of companies as we aim to provide the services our clients have requested and in order to help detect and prevent potentially illegal and fraudulent acts and other violations of our policies. We...

    Continue reading
  • Our licenses and registrations

    We provide financial services in the entire EU and EEA. myPOS Europe Ltd. is licensed by the FCA as an E-Money Institution, as part of the group, and is offering the merchants accounts and financial services. You can find our registration number in the ...

    Continue reading
  • Cookies Compliance

    We use “cookies” and other technologies when users visit or use our websites or mobile apps. This usage is based on consent. If our users wish to withdraw their agreement to accept cookies and similar technologies, they can delete the cookies via the br...

    Continue reading
  • Incident response

    Our Incident Response procedures have been designed and tested to ensure potential security events are identified and reported to appropriate personnel for resolution, personnel follow defined protocols for resolving security events, and steps for resol...

    Continue reading
  • Encryption and storage of personal data

    We take the responsibility to ensure that your personal information is secure, kept in an encrypted from on servers, collocated in Special data centres in Class A jurisdictions in Europe. To prevent unauthorised access or disclosure of information we ma...

    Continue reading
  • Reviews of Vendors and Partners

    All our current vendors have been reviewed to ensure they meet security and privacy requirements defined by GDPR. To maintain assurance, these reviews will be conducted for all incoming vendors. Where we transfer, store and process personal information ...

    Continue reading
  • Children and our services

    Our services are not designed to individuals under the age of 18, unless we have expressly specified so in our Privacy Policy or other legal document. If we obtain actual knowledge that we have collected Personal Data from an individual under the age of...

    Continue reading
  • Data subjects’ rights and legal entities

    Please be informed that corporations are not data subjects under GDPR. Business owners who use myPOS services and have business accounts can exercise their rights, but only regarding their personal data (or the personal data of the authorised person). T...

    Continue reading
  • Consent withdraw and restriction of personal data processing

    Where our clients have provided their consent to the processing of personal information by us, they may withdraw the consent at any time by changing the Account settings or by sending a communication to us specifying which consent they are withdrawing. ...

    Continue reading
  • Data transfer as our clients’ right

    Our clients have the right to receive a copy of their personal data in a structured, commonly used, machine-readable format that supports re-use. They can transfer their personal data from one controller to another and/or have the personal data transmit...

    Continue reading
  • Data Deletion

    We generally retain clients’ personal information for as long as is necessary for the performance of the contract between them and us and to comply with our regulatory obligations. Our customers can request the closure of their myPOS Account and the ter...

    Continue reading
  • Data Access

    Our clients have the right to receive a copy of the data we hold for them at any time. The request can be sent via e-mail to dpo@mypos.com.

    Continue reading
  • Correction (rectification) of client’s personal data

    Our customers can send us a request to correct inaccurate or incomplete personal information via email to dpo@mypos.com.

    Continue reading
  • Our retention periods

    Please be aware that, as a financial institution, we are required by the Payment Services Directive and money laundering legislation to keep client’s data for a period of 5 years after the termination of the contract/account of our customer.

    Continue reading
  • Data Protection Impact Assessment

    We have carried out a detailed review of all our data processing activities, by product and by department. We have analysed the grounds for processing, retention periods, technical and legal safeguards for our client’s rights and freedoms and we have en...

    Continue reading
  • Why are we taking pictures of an entity’s authorised persons and their ID documents and is it GDPR-compliant?

    myPOS Service is designed for business purposes and may be used by individuals or entities. In case you are registering for and/or using myPOS Services on behalf of an entity we will treat you as authorised person and you may be obliged to disclose to u...

    Continue reading
  • myPOS clients and their related personal data

    All of myPOS clients are legal entities (companies/corporations). The data about the sole traders is personal data under GDPR. The rest of the corporations/companies are not data subjects under the law. However, we are obliged to verify the identity of ...

    Continue reading
  • How we use the collected data?

    We use, store, and process the personal information to provide, understand, improve, and develop our services, create and maintain a secure environment, pursue our legitimate interests and comply with our legal obligations. For detailed information plea...

    Continue reading
  • The data we collect

    The personal data we collect and process is described in detail in our Privacy Policy. We process the personal data on the basis of different grounds, defined by GDPR – legal obligations, for the purposes of concluding and/or executing a legal relations...

    Continue reading
  • Internal policies

    The company’s internal policies are updated in accordance with the new GDPR requirements.

    Continue reading
  • Data Protection Officer, Privacy Team and GDPR Training

    All of our employees have undergone GDPR training, overseen by our on-site Privacy Team, Compliance Department and our outside privacy consultants. Each new employee must participate in a mandatory training session related to privacy regulations and bes...

    Continue reading
  • Organisational Readiness at myPOS

    The protection of our customers’ personal data is of utmost importance to us. In the last year, we've worked tirelessly to ensure all GDPR compliance requirements were met well in advance. We also follow all practices in this area and all issued guideli...

    Continue reading
  • Our commitment to you and the protection of your data

    As of May 25, 2018 the ‘General Data Protection Regulation’ or GDPR is enacted across all Member-states of the European Union and the European Economic Area. GDPR aims to harmonise the different data protection laws across the Member-states, leading to ...

    Continue reading