“Personal data” means any information relating to an identified or identifiable person (“Data Subject”). Identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as: name, a photograph, address, an e-mail, an identification number, location data, an online identifier – e.g. IP address, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
The Policy explains to you how CSC24Seven uses and secures your personal data whilst you are using the CSC24Seven website (https://www.csc24seven.eu) or any web portal that is owned and hosted by CSC24Seven when you enter into a contract with us as a Client.
CSC24Seven.com Limited is an electronic money institution operating under license No. 126.96.36.199 granted by the Central Bank of Cyprus (https://www.centralbank.cy). As a regulated financial firm we collect Customers data in order to comply with our legal obligations laid down by the rules governing our operations. CSC24Seven uses personal information to identify and verify our Customers and support them with proper management of accounts and transactions, but also to reduce effectively any exposure to fraud.
Our registered head office is located in Cyprus at: 23, Zachariadhes Court, 15, Nicodemou Mylona Street, Larnaca, 6010, Cyprus.
Please contact us if you have any questions about how your personal information is used by us at e-mail: [email protected] or by writing to us at the registered address specified above.
This policy was last updated on 23rd March, 2018.
We collect personal information about you when you apply to become a Client and open account with CSC24Seven. This information may include: your name, date of birth, nationality, home address, details on occupation, contact information such as phone number and email address, but also identity verification information including: images of your government issued identity document (passport, national ID Card or driving license), residence verification information such as utility bill details or similar information. In some circumstances we may conduct a background check on your financial situation by obtaining information about your business and source of wealth, in order for us to comply with our anti-money laundering obligations under the European Law.
Using your device: When you use CSC24Seven services using any device, we may additionally collect and store device sign-on data (including but not limited to device ID) and location data in order to provide our services with the best user experience. We also collect the Internet address (IP address) and other identifying information about the computer or device you use to access your CSC24Seven account or use our services in order to detect possible instances of unauthorized access to your account.
We collect information on which pages of our website you visit, IP addresses, the type of browser you use and the times you access our website.
Communications: When you communicate with us for customer service or other purposes (e.g., by e-mails, phone calls, faxes, etc.), we retain such information and our responses to you in the records of your account.
What are cookies?
A cookie is a small file of letters and numbers downloaded on to a device (computer, smart phone etc.) when the user accesses certain websites. Cookies allow a website to recognize a user’s device.
Different categories of cookies:
Cookies that we use:
We use two cookies which are essential for its backend server software (ColdFusion) to work properly: CFID and CFTOKEN. These are used as a pair to create a unique session ID in order that our web systems can uniquely identify a visitor’s session. This information is not used or stored outside of our systems. No personal information of any kind, related to the visitor, is collected or stored in these cookies. These are session cookies and will expire when your session expires (i.e. when you close your browser or navigate to another page).
Additional Information about cookies you can find at: http://www.allaboutcookies.org
We use your personal information to service your account and to improve our service to you. We strictly obey to the following principles when using your personal data:
a) We are doing our very best to ensure that your personal information is processed lawfully, fairly and in a transparent manner
b) We limit the personal information collected from you to what is necessary in relation to the purposes for which it is processed and try to maintain this information accurate and up to date
c) We store your personal data for no longer periods than is necessary for the purposes for which it is processed. We will retain and use your information as required to comply with our legal obligations
d) We apply necessary measures to process Customers data in a manner that ensures its security, integrity and confidentiality
CSC24Seven collects your personal information for the below stated purposes and you agree that we may use that information to:
a) To verify your identity and comply with applicable laws and regulations relating to the prevention of money laundering and terrorist financing
b) To process your transactions
c) To manage risk, detect and prevent fraud or other illegal uses of our services
d) To help us in responding to your requests for services and support
e) To contact you and communicate to you information and updates related to your use of our services and any other important information
f) To detect or remediate violations of our policies and applicable agreements
We communicate with our Customers via email to provide the requested services. We may also communicate with Customers by phone to:
We use your email or physical address to confirm the opening of your CSC24Seven account, to send you activation code of your pre-paid card, to send you information about changes to our products and services, and to send notices and other disclosures required by law.
We may communicate with you as described above by SMS to send you transaction notification alerts or tokens to process certain transactions on your account.
There are circumstances in which we may need to share your personal data. We may need to do this in order to help us carry out our operations. In processing your transactions we may disclose your Personal Information to third parties, to legal and regulatory authorities or may transfer it for processing outside the European Economic Area (“EEA”).
Disclosure to third parties
Your information will not be sold, exchanged, or shared with any third parties without your consent, except where required by law.
Third parties cannot use personally identifiable information about our Customers for any secondary purposes without your explicit consent.
You agree that we may share your personal information with:
a) third party service partners, who are acting on our behalf as data processors, with any member of our group or with our ultimate holding company
b) selected third parties including business partners or agents for the performance of any contract we enter into with them or with you
Third Party Sites
If you open a CSC24Seven account directly on a third party website or via a third party application, any information that you enter on that website or application (and not directly on a CSC24Seven website) will be shared with the owner of the third party website or application. These sites are governed by the Merchant’s own privacy policies and you are encouraged to review their privacy policies before providing them with personal information. CSC24Seven is not responsible for the protection of personal data policy of those Merchants.
Disclosure to Legal Authorities
We may share your Personal Information with Regulators, law enforcement agencies, data protection authorities, government officials or other authorities in the following situations:
a) In connection with a formal request, subpoena, court order, or other legal procedure
b) When we believe in good faith that the disclosure is necessary to prevent money laundering, terrorist financing, tax evasion or other illegal activity
The Personal Information you provide to us is stored on our secure servers. Any payment transaction is securely encrypted. You are responsible to keep strictly confidential any security credentials provided to you for access to our site and to your personal account. We ask you not to share them with anyone.
The data that we collect from you may be transferred to and stored at a destination both within and outside of the EEA. It may also be processed by staff operating outside the EEA who work for us or for one of our partners. This could be related to fulfilment of your order, processing of your payment details and provision of support services.
In order to comply with the legal requirements regarding the prevention of money laundering and countering terrorist financing, we are obliged to keep Customers personal information together with audit trail of their transactions for at least five years after the end of the business relationship. In case of on-going criminal investigations and legal proceedings, further retention of records for a period not exceeding an additional five years may be required.
We use a variety of security measures to ensure the confidentiality of your Personal Information and protect your Personal Information from loss, theft, unauthorized access, misuse, alteration or destruction. We conform to the PCI DSS standards for protection of data and have implemented security measures including, but not limited to:
To prevent data loss, the information is stored in a secure clustered environment and backups are performed regularly. All our databases use encryption and all sensitive data is encrypted before being transferred electronically. Access to sensitive data is restricted to prevent data alteration.
Only authorized personnel are permitted access to your Personal Information, and these personnel are required to treat the information as highly confidential. The security measures will be reviewed regularly in light of new and relevant legal and technical developments.
As an individual, you have certain rights under the GDPR regarding the use of your personal information. These rights include the following:
Upon receipt of your complaint we will investigate it and respond to you within a month time. Where this deadline can not be observed, we will explain to you the reason and will notify to you the extended time for reply.
Your right to lodge a complaint with the Supervisory Authority
Where you believe that CSC24Seven has not resolved your complaint in satisfactory manner, you have the right to complain to the Supervisory Authority. Their details are:
Office of the Commissioner for Personal Data Protection of Cyprus
1, Iasonos str., 1082 Nicosia
P.O.Box 23378, 1682 Nicosia
Tel: +357 22818456
Fax: +357 22304565
Email: [email protected]