Last amended as of: 15 June 2021
ENSO considers the observance and protection the interests of our Merchants as the main principles of our work. This principle is also reflected in the collection, storage, processing and transmission of any information relating directly or indirectly to a specific or determined individual (subject of personal data) (hereinafter “Personal Data”).
The purpose of this Policy is to provide you with a complete and transparent understanding regarding: the legal basis for the collection and processing of your Personal Data; categories of Personal Data that we may collect about you; what happens to the Personal Data we collect; where we process your personal data; how much we store your personal data; to whom we may transfer your Personal Data; and also explain your rights as a personal data subject.
"You, Merchant’s representatives" in this Policy means a person, including any shareholders, beneficial owners, principals, directors, general signatories and staff members accessing our website located at https://ensopay.com/ (hereinafter referred to as the "Website"), contacts us with an application to use our Services or with questions about the Account. The Policy also applies to all visitors to our Website.
Please read this document carefully to understand our Policy and practices regarding your Personal Data and how we will treat it. By accessing our Website and using our Services, you agree to collect, use and transfer your Personal Data in accordance with this Policy.
This Policy is an integral part of the Terms of Service, hereinafter referred to as the «Agreement».
Please read carefully the Policy as well as the Terms of Service, before using ENSO. If you wish to become our Merchant, you shall read this Policy in its entirety. If you disagree with this Policy, please do not use our Services.
The terms used in this Policy shall be understood in accordance with the Terms of Service and the applicable law.
FinTech Assn Ltd. - a company registered in accordance with the laws of the United Kingdom, registration number: 12630566, registration address: Unit 111375, 2nd Floor, 6 Market Place, London, Fitzrovia, United Kingdom, W1W 8AF (hereinafter “ENSO,“ we ”,“ us ”).
The rules for the processing of Personal Data set forth in this Policy explain our approach to the processing and protection of Personal Data when interacting with our Website or Services. In our approach we comply with the Regulation No. 2016/679 of the European Parliament and the Council, General Data Protection Rules (hereinafter “GDPR”).
In order to prevent the unlawful use of our Services for the purposes of legalizing the proceeds of crime and the financing of terrorism, in order to identify it, we collect the Merchant’s representatives Personal Data specified below in accordance with established cases. Please note that in accordance with UK Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017 (hereinafter “AML act”), we may additionally conduct checks of Merchants and request other categories of data.
To be able to receive an access to our Services ENSO will ask Merchant’s representative provide the following Personal Data:
We collect the above Personal Data in order to fulfill the Agreement with you in accordance with Article 6 (1) (b) GDPR and in order to fulfill our legal obligations under Article 6 (1) (c) GDPR.
We may also collect non-personal information about You, which does not identify You as a specific individual. Such non-personal information that we may collect includes:
- Merchant’s data, such as a company’s name, goods and service offerings, certificate of incorporation, Memorandum and Articles of Association, bank account details.
You hereby confirm that any Personal Data provided by you is true, accurate and applies exclusively to you or that you provided only such data, the use of which does not violate the rights of third parties. You should always notify us of any changes to your Personal Data in order to process only complete and current data, regardless of whether such an update is requested or not required.
We process your personal data legally. Therefore, we process your Personal Data only if:
ENSO protects your personal data and provides it to third parties only in the cases specified in this Policy:
We do not disclose information that can personally identify you to any person, except as described in this Policy, including:
All categories of Personal Data received from the Merchant’s representatives are stored on servers in the European Economic Area (EEA), in Germany. Personal data may also be processed by employees working within and / or outside the EEA who work for ENSO or one of our Payment Partners. Such employees may, inter alia, engage in the provision of ancillary services in the provision of services within our Services. We will take all reasonable steps to ensure the safe handling of your Personal Data in accordance with this Policy.
We always comply with the GDPR, as well as the provisions of AML act on the protection of Personal Data, in relation to any such transfer of Personal Data. Please note that in countries outside the EEA, the level of data protection may differ from the level of data protection in EEA countries: however, in all cases, our requirements for the storage and use of your Personal Data will continue to be governed by this Policy.
ENSO may process payments through other Payment Partners as part of our Services. Payment Partners can process and store your Personal Data outside the EEA, and we and they must disclose your information to foreign authorities to help them in the fight against crime and terrorism. Please note that if these organizations are based outside the EEA, your Personal Data may not be protected in accordance with the same standards.
We pay great attention to the security and privacy policies of ENSO, which our colleagues must support, adherence to internal instructions and selection of contract partners who must always meet the highest standards of protection and will always treat your data in accordance with these policies. When processing your Personal Data, we use the most advanced technical resources for maximum protection.
We process your Personal Data in such a way as to prevent any unauthorized and / or accidental access to Personal Data, their change, destruction or loss, unauthorized transfer and unauthorized processing, as well as any other improper use of your Personal Data.
All data storage systems are protected in accordance with the applicable standards and are themselves not available in our Services. Conventional means are used to protect data from known types of external attacks. We do not use profiling or automated decision-making.
For example, we provide:
Third parties to whom Personal Data can be transferred to support the operation of ENSO may be located in other countries where Personal Data Processing laws may be less stringent than in your country. From time to time, Personal Data can also be stored in other places, and in such cases we guarantee that Personal Data will be stored and processed with the appropriate level of protection and security.
ENSO can periodically make changes to the Policy: in case of significant changes, ENSO will publish notices on the Website, in the Merchant’s Account or otherwise notify you so that you can read the changes before how to continue working with our Services. If you do not agree with any changes, you as a Merchnt’s representative can delete Merchant’s Account. Continuing to work with ENSO after publishing or distributing a notice of changes to the Policy means that you agree with the changes made.
Here we have summarized the principal rights that you have under data protection law. Some of the rights are complex, might contain restrictions depending on the legal basis for processing the data and not all of the details have been included in our summaries. For example, you will not be able to request that we delete all of your Personal Data if you used our Services because it will be necessary for our accounting obligations. We will always let you know the legal basis for this. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.
Right to access
As a data subject you have the right to obtain from us free information about your Personal Data processed at any time and a copy of this information. Furthermore, you will have access to the following information: the purposes of the processing; the categories of Personal Data concerned; where possible, the envisaged period for which the Personal Data will be processed, or, if not possible, the criteria used to determine that period; the existence of the right to request from us rectification or erasure of Personal Data, or restriction of processing of Personal Data concerning you, or to object to such processing; the existence of the right to lodge a complaint with a supervisory authority; where the Personal Data are not collected directly from you, any available information as to their source; and the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for you.
Right to rectification
You have the right to obtain from us, without undue delay, the rectification of inaccurate Personal Data concerning you. Taking into account the purposes of the processing, you shall have the right to have incomplete Personal Data completed via your Account, including by means of providing a supplementary statement.
Right to be forgotten
You have the right to obtain from us the erasure of Personal Data concerning you as soon as possible, and we shall have the obligation to erase Personal Data without undue delay where required by the law, including when:
Right to restriction of processing
You have the right to obtain from the restriction of processing where one of the following applies:
Right to object
You have the right to object, on grounds relating to your particular situation, at any time, to the processing of Personal Data concerning you. We shall no longer process the Personal Data in the event of the objection, unless we can demonstrate reasonable grounds for the processing, which override the interests, rights and freedoms of you, or for the establishment, exercise or defense of legal claims.
Right to withdraw data protection consent
To the extent that the legal basis for our processing of your Personal Data is consent, you have the right to withdraw that consent at any time.
You may exercise any of your rights in relation to your Personal Data by contacting our customer support.
Right to transfer data
If we process your data in accordance with the contract or with your consent and by automated means, you have the right to receive personal data concerning you in a structured, widely used and machine-readable format, or you have the right to transfer your personal data to another controller of your choice. This right shall not adversely affect the rights and freedoms of other parties.
Your right to lodge a complaint with the information commissioner's office
You have the right to complain to the Information Commissioner's Office (ICO) if you believe that we illegally use your personal data. However, we encourage you to contact us before making any complaint and we will seek to resolve any issues or concerns you may have.
For information on contacting the ICO please see their website at www.ico.org.uk
Rights related to automated decision-making and profiling
As a data subject, you have the right not to be subjected to a decision based solely on automated processing.
All Personal Data is usually processed in the EU member states (in Germany). Your data is never transferred outside the EU Member States, unless otherwise described in this Policy.
If we find that there is a risk to the security of your Personal Data, we will immediately notify you of this fact.
We process your Personal Data during the term of our Agreement and not more than 5 years after its termination, in order to comply with our accounting obligations, to resolve any disputes that may arise regarding the relationship between the Merchant and ENSO.
If anything is left unclear in the text of this Policy, we will be happy to clarify its provisions.
For questions related to the processing of your Personal Data, please contact us via email firstname.lastname@example.org