Welcome to Gateway Services (hereinafter “Gateway”, “We”, “Us”, “Our”)
Gateway Services is the “Data Controller” of the personal information that You voluntarily provided and is collected and used about Gateway Services customers for purposes of the General Data Protection Regulation (GDPR) (EU) 2016/679.
Gateway Services is registered in United Kingdom with registered offices at United Kingdom
COLLECTION AND USE OF PERSONAL INFORMATION
Personal data means any information relating to You which allows us to identify You.
In order to provide Our services, We may collect, process and disclose certain personal and/or non-personal and/or sensitive information about you. For certain transactions We may need to collect financial information or any other necessary information to verify Your request.
We may also collect personal data from You when create an account, use our website and / or App or when you contact us.
Specifically, We may collect the following categories of information:
Date of birth,
Passport or other recognized personal ID card documentation and details,
Additional Information which includes:
Certification of passport or ID
Proof of address in EU
Bank Account Information
Declaration of Source of Funds
Information about your cards, purchases, payments, products and services;
Information about your use of our website and/or App;
The communications you exchange with us or direct to us via letters, emails, chat service, calls, and social media.
Location, including real-time geographic location of your computer or device and your IP Address.
Personal details about alleged commission or conviction of criminal offences. Those are considered “sensitive” personal data under applicable data protection laws. We will process any such data only if you have given your explicit consent, or it is necessary (for instance if you request special assistance), or you have deliberately made it public.
AUTOMATIC COLLECTION OF PERSONAL DATA
When the Customer browses Gateway Services website, Gateway Services may collect information regarding the domain and host from which the Customer has access the Internet, the IP address of the computer or Internet Service Provider etc. In addition, Gateway Services may collect information and/or Sensitive Information that the Customer voluntarily provides through online registration and/or account opening, including information the Customer may provide to apply to become a Customer and/or if the Customer uses any of our online Customer services.
In addition, your IP address and access time may be tracked against your user ID for fraud prevention.
We may occasionally use a "click-through URL". When You click one of these URLs, You pass through Our web server before arriving at Your final destination. We track click-through to help Us improve the user experience, determine Your interest in particular topics and measure the effectiveness of Our customer communications. Protection of Your Personal Data Gateway Services is committed to the protection, in the highest degree possible, of Your personal data and lawfully to process these data, pursuant to the provisions of the legislation regarding Processing of Personal Data. Gateway Services processes personal data collected from You strictly by the law and We don’t disclose nonpublic personal information about Our customers to any third parties unless such disclosure is required by Processing of Personal Data Law or if the users of the website provide their consent thereto.
SHARING OR TRANSFER OF INFORMATION
Gateway Services may share and/or transfer Your Personal Information when it is needed. Gateway Services will only share any Personal Information and/or any Sensitive Information on the understanding the it will be kept confidential, and if We are sure that the disclosure, if it is required for the provision of Our services to You, will not infringe Your legitimate rights and freedoms. In addition, Gateway Services will only share and/or transfer any information and/or Sensitive Information if We are sure that the receiver agrees to apply the same levels of protection as required by the law and/or to the higher standards of Data Protection. The same levels of protection apply when Gateway Services will share and/or transfer an Information and/or Sensitive Information to another country inside and/or outside of the European Economic Area. In relation to all the above, Gateway Services will only share and/or transfer Personal and/or Sensitive Information if this is required for the receiver to provide services to Us.
In relation to the above, any sharing/transfer of any information will be achievable by giving your prior consent to Us. You also have the right to ask and given in detail of what information will be share/transfer and the reason for that action.
DISCLOURE OF YOUR INFORMATION
We may share your personal information with selected third parties including:
any affiliate of Gateway Services
our service providers and agents (including their sub-contractors);
payment-processing service providers and others that help us process your payments and/or provide our services to you. We may process the Information abroad, within or outside the European Union, provided we comply with the applicable laws and regulations and under the supervision of the FCA;
anyone to whom we transfer or may transfer our rights and duties stemming from the Agreement;
UK and overseas regulators and authorities about their duties (such as crime prevention);
fraud prevention agencies. We will always tell fraud prevention agencies if you give us false or fraudulent information. They will also allow other organizations (in the UK or other countries), including law enforcement agencies, to access this information to prevent and detect fraud, money laundering or other crimes. You can write to us at [email protected] for details of the fraud prevention agencies with which we share the Information;
credit reference agencies. Credit reference agencies may use the Information to undertake statistical analysis, testing and development to enhance their existing and future products and services. Credit reference agencies will keep a record of our enquiries, which may also be used by other organizations to make decisions about you. In order not to affect your ability to obtain credit, we will only make unrecorded enquiries, unless you confirm to us explicitly that you would like to apply for a credit through or from us. An unrecorded enquiry is a search that was not made for lending purposes. It cannot affect your credit rating or score when you apply for credit. It is not seen by lenders other than the one that carried out the search. It is included on your credit report so you know the search was made but does not affect your credit rating, or score, when you apply for credit;
any third party after a restructure, sale or acquisition of Gateway Services, if person uses the Information for the same purposes as it was originally given to us and/or used by us.
When we are sharing the Information with organizations in another country, we will ensure they agree to apply equivalent levels of protection as we do (for this purpose, we will take the necessary legal steps to ensure that such transfer is compliant with the law). If this is not possible – for example because we are required by law to disclose the Information – we will ensure the sharing of the Information is lawful.
WHAT DO WE USE YOUR PERSONAL DATA FOR, WHY AND FOR HOW LONG
We may use Your personal data to provide products and services You request. We use Your information You give Us to perform the services You have ask for in relation to account opening, card ordering, payments, transactions, loading card etc.
We also use Your personal data to send You or to communicate with You in case You want to cancel you card/account or if you want to change any information about You or in case we need to ask you about addition information or documentation.
Data that may be used are also Your payment information for accounting, billing and audit purposes but also for prevention and detection of fraudulent activities.
In addition, We may also use Your personal data for administrative or legal purposes, immigration or safety control since We are oblige to provide any necessary information to those agencies, for security/health/administrative/crime detection or prevention by passing your information to government authorities for compliance with legal requirements, for customer services communications to manage Our relationship with You or to improve Our services and, finally, for marketing purposes about promotion or products.
We will only process Your information, in relation to the above, where We have a legal basis to do so. The legal basis will depend on the reasons and material We have collected and need to use Your personal data for.
Furthermore, We may also process Your personal data to comply with a legal obligation, to protect Your vital interests and if it is in Our legitimate interests.
We will record keep Your personal data for up to 5 years in order to fulfill Our record keeping obligation as the Law provides. When We no longer need your personal data, We will securely delete or destroy it.
We follow strict security procedures in the storage and disclosure of Your personal data, and to protect it against accidental loss, destruction or damage. The data You provide to us is protected using SSL (Secure Socket Layer) technology. SSL is the industry standard method of encrypting personal information and credit card details so that they can be securely transferred over the Internet.
All payment details are transmitted over SSL across dedicated network infrastructure (Multiprotocol Label Switching-MPLS) and stored in compliance with Payment Card Industry Data Security Standards (PCI DSS).
INTERNATIONAL DATA TRANSFER
Gateway Services operates business in multiple jurisdiction, some of those may locates outside of the European Economic Area. Although these countries do not have equivalent data protection laws, we require all services providers to process any information in a secure environment and in accordance with the EU Law on data protection. Also, we develop standard means under EU Law legitimize data outside the European Economic Area.
If You have submitted personal information to Gateway Services under most circumstances You have the right to reasonable access to that data to correct any inaccuracies. You can also make a request to update or remove information about You by contacting [email protected], and We will make all reasonable and practical efforts to comply with Your request, so long as it is consistent with applicable law and professional standards.
You are also required to comply with the EU Data Protection Law, various rules and regulations of the various credit and debit card organizations and networks relating to the security and safeguarding Merchants Data, but not limited to, PCI, CISP and SDP. You may be required to undergo periodic third-party data security assessments and periodic network scans to ensure that appropriate security measures are in place.
ACCEPTABLE SECURITY POLICY
Our Acceptable User Policy sets out the permitted uses and prohibited uses of Our site. When using Our site, You must comply with this Acceptable User Policy. You may use Our site only for lawful purposes.
You are not allowed to use Our site:
In any way that breaches any applicable local, national or international law or regulation.
In any way that is unlawful or fraudulent, or has any unlawful or fraudulent purpose or effect.
For the purpose of harming or attempting to harm minors in any way.
To send, knowingly receive, upload, download, use or re-use any material which does not comply with Our
To transmit, or procure the sending of, any unsolicited or unauthorized advertising or promotional material or any other form of similar solicitation (spam).
To knowingly transmit any data, send or upload any material that contains viruses, Trojan horses, worms, time-bombs, keystroke loggers, spyware, adware or any other harmful programs or similar computer code designed to adversely affect the operation of any computer software or hardware.
You also agree:
Not to access without authority, interfere with, damage or disrupt: any part of Our site or any equipment or network on which Our site is stored; any software used in the provision of Our site.
In relation to services given directly to a child the law provides that the processing of the personal data of a child shall be lawful where the child is at least 16 years old. Where the child is below the age of 16 years, such processing shall be lawful only if and to the extent that consent is given or authorized by the holder of parental responsibility over the child. Member States may provide by law for a lower age for those purposes provided that such lower age is not below 13 years.
In relation to the above, our website is not designed to provide services to children below the age of 13 as we understand the importance protecting children's privacy, especially in an online environment.
DATA PROTECTION OFFICER
We have appointed a Data Protection Officer (“DPO”) to oversee compliance with this policy. If you have any questions about this policy or how we handle your personal information, please contact the DPO, [email protected]. You have the right to make a complaint at any time to a supervisory authority.
YOUR DATA PROTECTION RIGHTS
In accordance with the law you have the following rights:
Request information about whether we hold personal information about you, and, if so, what that information is and why we are holding/using it
Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
Object to automated decision-making including profiling, that is not to be subject of any automated decision-making by us using your personal information or profiling of you.
Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
Request transfer of your personal information in an electronic and structured form to you or to another party (commonly known as a right to “data portability”). This enables you to take your data from us in an electronically useable format and to be able to transfer your data to another party in an electronically useable format.
Withdraw consent. In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
If you want to exercise any of these rights you can do it:
in writing by post. Written complaints may be addressed to: Customer Service, Gateway Services United Kingdom.
verbally by calling the following telephone number: +357 2524.9999;
in electronic form by using the contact methods provided on https://gateway-services.com.
AMENDMENTS TO PRIVACY STATEMENT