Privacy Policy
OVERVIEW
ATFOR LTD ("we," "us," "Company") respect your privacy and are committed to protecting it through our compliance with this Privacy Policy (the "Privacy Policy," "Policy"). This Policy describes the types of information that we may collect from you when you access or use our Website – https://atforpay.com/ and other online services (collectively, our "Services"); and our practices for collecting, using, maintaining, protecting and disclosing that information.
The purpose behind this policy is to inform you of how Company protects the privacy of your communications and processes your personal data as well as the rights you have with regard to your access to and use of this Website and other services (as specified herein) provided by us. We are committed to comply with the European General Data Protection Regulation 2016/679 (the “GDPR”) and Cypriot Law 125 (I) of 2018.
This policy applies only to information we collect through our Services and in the electronic communications sent through or in connection with our Services.
TERMS
User
"User" or "you" or "your" refers to you, as a user of the Services. A user is someone who accesses or uses the Services for the purpose of sharing, displaying, hosting, publishing, transacting, uploading information or viewing pictures and includes other persons jointly participating in using the Services.
Content
"Content" will include (but is not limited to) images, photos, audio, video, location data, 'nearby places', and all other forms of information or data.
WHAT USER INFORMATION WE OBTAIN?
Company may collect and use information of and regarding its Users. We collect only data which is essential to our operations and enables us to provide you with better user experience.
The information through which a person may be identified may include data that the User voluntarily enters, uses or provides when using the Services of the Website. Company collects and uses the information for the purposes outlined in this Privacy Policy, as well as to offer new services to the User or to familiarise them with new functionalities on the Website.
We may also use certain performance-tracking tools, such as Google Analytics. Through the use of Google Analytics we gather information regarding your behaviour and preferences when using our online platform.
We collect two types of information from and about our Users, including information:
by which you may be personally identified; and/or
about your internet connection, the equipment you use to access our Services and your usage details (e.g., your Internet Service Provider).
The information we collect on or through our Services may include:
Contact Information: Your contact information, such as email address, phone numbers and other ways of communication. We collect this information in order to provide you with access to certain features of our Services and to inform you about relevant information concerning your use of our Services.
Preferences: Your preferences and settings such as time zone and language. We collect this information in order to enhance your user experience. Services.
Searches and other activities: The search terms you have looked up and results you selected. We collect this information in order to improve your user experience and provide you with more relevant content and Services.
Browsing information: How long you used our Services, which features you used, etc. We collect this information in order to analyse the behaviour of our users and improve our Services.
Communications: Between you and Company support staff regarding the Services. We collect this information in order to monitor the quality of our support staff and your communications with us.
Location Data: We may collect information about your location if you have instructed your mobile device or computer to send such information via the privacy settings on that device. We may use the location data collected to enhance your use of the Services by providing you with relevant content and contextual advertising.
Cookies: We use cookies and similar tracking technologies to understand how people use our Website and improve its functionality. Most cookies are automatically deleted after your visit, while others remain until deleted manually. By using our Website without blocking or disabling cookies, you consent to our use of these technologies. You can opt-out or configure your browser to manage cookies according to your preferences. We use cookies to enhance your browsing experience on our Website.
METHODS OF COLLECTING INFORMATION
How we collect and store information depends on the pages you are visiting, the activities in which you elect to participate and the services provided. For example, you may be asked to provide information when you register for access to certain portions of our Website, request certain features such as e-mail newsletters, or when you make a payment. Like most Websites, Company also collects information automatically and through the use of electronic tools that may be transparent to our visitors and Users. For example, we may log the name of your Internet Service Provider.
HOW WE PROCESS USER INFORMATION
Purpose and Legal Basis for Processing:
Service Provision: To fulfill our contractual obligations and provide requested services.
Customer Support: To address inquiries and offer support.
Website Functionality: To ensure the efficient operation of our website.
Consent: For direct marketing.
Legitimate Interests: Compliance and Legal Obligations.
Data retention:
We will retain the information we collect from you for a maximum of seven years, or less if it is no longer necessary for the provision of the Company services to you. Except circumstances we must keep your data for a longer period, as it mandatory requires by Law.
DISCLOSURE
We may disclose data that concerns you only if (i) we are legally required to do so; (ii) if required when you expressly order us to process a transaction or any other service and (iii) it is required for the provision of our Services under our contractual relationship and/or (iv) protection of our legitimate interests, in accordance with the provisions of the GDPR and applicable local legislation as amended from time to time.
We may share your personal data in the following circumstances, the following are examples of where and how your information may be transferred, but please note this is not an exhaustive list and that due to ongoing changes in our IT and operational infrastructure this may change at any time:
We may share your data between the Company on a confidential basis to provide you with our Services.
We may have to share your personal data with third-party service providers, processing data on our behalf, who help us with our business operations. When your personal data is shared with a third party, we will take the necessary steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, our obligations, and the third party’s obligations under the law. We ensure that our contracts with those third parties contain the appropriate GDPR model clauses and that all our third parties are also compliant with the GDPR, this affords your data the same protection away from our organization, as it does within it. Your personal data is shared with third-party organizations/entities including but not limited to:
Service Providers. We may share your personal data with our trusted third-party service providers, who, on our behalf, operate, maintain, and/or support our IT systems and IT infrastructure, our websites, manage our payment solutions, perform statistical analysis, marketing, and advertising purposes, sending newsletters, provide customer support and perform other important services for us. We will store and process your data following industry best practices and security.
Regulator and state authorities. The Company will make such disclosure only if required to be disclosed by the Company by applicable law, regulation, or court order and to the minimum required extent.
Other disclosures. In addition to where you have consented to a disclosure of the data or where disclosure is necessary to achieve the purpose(s) for which, it was collected, data may also be disclosed in special situations, where we have reason to believe that doing so is necessary to identify, contact or bring legal action against anyone damaging, injuring, or interfering (intentionally or unintentionally) with our rights or property, users, or anyone else who could be harmed by such activities, or otherwise where necessary for the establishment, exercise or defense of legal claims. Where reasonably possible, management shall ensure that third parties collecting, storing, or processing personal information on behalf of the Company have:
Signed agreements to protect personal information consistent with this Privacy Notice and information security practices or implemented measures as prescribed by GDPR;
Signed non-disclosure agreements or confidentiality agreements which include privacy clauses in the contract; and/or
Established procedures to meet the terms of their agreement with a third party to protect personal data.
International Transfers. We process data within the EEA and countries deemed by the European Union as having adequate safeguards for protecting personal data. These countries are recognized by the EU as having suitable safeguards for the rights and freedoms of individuals and recourse processes by which data subjects can exercise their rights.
Should there be a business need to transfer or process your data to company(ies) and/or third parties might imply a transfer of your data to third countries, countries, or regions which do not offer the same level of protection as the laws of your country (for example GDPR) (so-called Third Countries) we will ensure that they are subject to appropriate security measures and safeguards as deemed appropriate under GDPR and other relevant national and international data protection laws or that we otherwise comply with the requirements and standards under Regulation 2016/679 for transferring Personal Data abroad. This may include entering into the appropriate contractual agreements to regulate any such transfers and safeguard any personal information transferred to them. A transfer to a company and/or a third party based in a Third Country would only take place where one of the following applies:
The individual has given consent to the transfer of information
The transfer is necessary for the performance of a contract between the individual and the Company, or the implementation of pre-contractual measures taken in response to the individual’s request.
The transfer is necessary for the conclusion or performance of a contract concluded in the interest of the individual between Company and a third party.
The transfer is necessary or legally required on important public interest grounds or for the establishment, exercise, or defense of legal claims.
The transfer is required by law.
The transfer is necessary to protect the vital interests of the individual.
The transfer is made under a data transfer agreement.
The transfer is otherwise legitimized by applicable law.
YOUR RIGHTS
Under certain circumstances, in accordance with GDPR and the applicable local legislation as amended from time to time you have rights, which we will always work to uphold. Some of the rights are rather complex and include exemptions, thus we strongly advise you to contact us and/or seek guidance from the regulatory authorities for a full explanation of these rights.
The right to be informed about our collection and use of your personal data. This Privacy Policy should tell you everything you need to know, but you can always contact us to find out more or to ask any questions.
The right to access the personal data we hold about you. Upon request and verification of your identity, we will send you a copy of the personal data we hold about you.
The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete. It is important that your personal data is kept accurate and up to date. If any of the personal data we hold about you changes, please keep us informed if we have that data.
The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we hold. We may not always be able to comply with your request of erasure for specific legal reasons, for which you will be notified. Please note that retention requirements supersede any right to erasure requests under the data protection laws.
The right to restrict (i.e. prevent) the processing of your personal data. Please note that any requests in relation of the processing of your data means that we may not be able to provide you with the service, in which case you will be notified.
The right to object us in using your personal data for a particular purpose or purposes.
The right to withdraw consent. This means that, if we are relying on your consent as the legal basis for using your personal data, you are free to withdraw that consent at any time.
The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases.
Rights relating to automated decision-making and profiling. We do not use your personal data in this way.
Right to Lodge a Complaint: You can lodge a complaint with supervisory authority if you feel your rights are violated. The current contact details of Office of the Commissioner of Personal Data Protection of the Republic of Cyprus are as follows:
Office address: Kypranoros 15, Nicosia 1061 , CyprusPostal address:P.O.Box 23378, 1682 Nicosia, Cyprus Tel: +357 22818456 Fax: +357 22304565 Email: commissionerdataprotection.gov.cy
ACCESSING & CORRECTING YOUR PERSONAL INFORMATION
We take reasonable steps to accurately record the personal information that you provide to us, as well as any subsequent updates. We encourage you to review, update and correct the personal information that we maintain about you. You may request that we delete personal data about you that is inaccurate, incomplete, irrelevant for legitimate purposes, or is being processed in a way which infringes any applicable legal requirements.
SECURITY: HOW WE PROTECT YOUR INFORMATION
We have implemented appropriate measures in the form of various technical, physical and other means, including but not limited to measures regarding the security of our electronic systems and databases. These means aim at improving the integrity and security of the personal information that we collect and maintain. However, please be advised that even the best security measures cannot guarantee the full elimination of all risks. If we learn of any breach or danger to our security systems, we will attempt to notify you electronically so that timely and appropriate protective steps can be taken. Apart from informing you via e-mail, we may post a notice through the Website if a security breach occurs.
Your personal-data safety is of utmost importance to us. We review and strive to improve our security measures on a regular basis. If we detect a breach of our security measures which has the potential of harming you as an individual, we will notify you without undue delay.
While we take steps to ensure security, you should also take personal measures to protect your information, such as using strong passwords and keeping software up-to-date.
CHILDREN'S PRIVACY
We dont knowingly collect personal information from children under the age of eighteen. If we learn that we have personal information on a child under the age of eighteen, we will delete that information from our servers.
CHANGES TO THIS POLICY
Company reserves the right to change this Privacy Policy at any time. Please check this page periodically for changes. Your use of the Services after any such amendment or change in the Privacy Policy shall be deemed as your express acceptance of such amended/changed Privacy Policy and an assent to be bound by such amended/changed Privacy Policy. Information collected prior to the time any change is posted will be used according to the rules and laws that applied at the time the information was collected.
COPYRIGHTS
The copyrights of our Website are the property of the Company.
Software, texts, graphics, photographs, animations, videos and clips visible on the Website are the object of copyright and are part of the intellectual property of the Company. These may not be reproduced, used, presented or represented without an explicit written permission of the Company. Any distribution of files or of parts of such files, constitutes a violation of the relevant intellectual-property protection laws and is prosecuted by the law.
Nothing contained on this Website may be interpreted as granting a license or right of use as a trademark without the prior explicit written consent of the Company.
MISCELLANEOUS
Company is controlled, operated and administered entirely within Cyprus.
If you are accessing the Website from another jurisdiction, please be advised that you are transferring your personal information to Company in Cyprus and, by using the Website, you consent to that transfer and to abide by the applicable laws concerning your use of the Website and your agreements with us.
CONTACT
Company is controlled, operated and administered entirely within Cyprus.
If you are accessing the Website from another jurisdiction, please be advised that you are transferring your personal information to Company in Cyprus and, by using the Website, you consent to that transfer and to abide by the applicable laws concerning your use of the Website and your agreements with us.